git.baikalelectronics.ru Git - kernel.git/commit

author	Ahmad Fatoum <a.fatoum@pengutronix.de>
	Fri, 13 May 2022 14:57:00 +0000 (16:57 +0200)
committer	Jarkko Sakkinen <jarkko@kernel.org>
	Mon, 23 May 2022 15:47:50 +0000 (18:47 +0300)
commit	f382d8df157e4cc5b19284705552a332347d03d1
tree	80e61e94c05de33043fefb0e4970e53e32c4f16b	tree \| snapshot
parent	a63a746223c2aeef6087b35f3c0fcfadff6b3ae0	commit \| diff

KEYS: trusted: allow use of kernel RNG for key material

The two existing trusted key sources don't make use of the kernel RNG,
but instead let the hardware doing the sealing/unsealing also
generate the random key material. However, both users and future
backends may want to place less trust into the quality of the trust
source's random number generator and instead reuse the kernel entropy
pool, which can be seeded from multiple entropy sources.

Make this possible by adding a new trusted.rng parameter,
that will force use of the kernel RNG. In its absence, it's up
to the trust source to decide, which random numbers to use,
maintaining the existing behavior.

Suggested-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
Tested-by: John Ernberg <john.ernberg@actia.se> # iMX8QXP
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Documentation/admin-guide/kernel-parameters.txt		diff \| blob \| history
Documentation/security/keys/trusted-encrypted.rst		diff \| blob \| history
include/keys/trusted-type.h		diff \| blob \| history
security/keys/trusted-keys/trusted_core.c		diff \| blob \| history