Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
KEYS: trusted: allow use of kernel RNG for key material

The two existing trusted key sources don't make use of the kernel RNG,
but instead let the hardware doing the sealing/unsealing also
generate the random key material. However, both users and future
backends may want to place less trust into the quality of the trust
source's random number generator and instead reuse the kernel entropy
pool, which can be seeded from multiple entropy sources.

Make this possible by adding a new trusted.rng parameter
that will force use of the kernel RNG. In its absence, it's up
to the trust source to decide which random numbers to use,
maintaining the existing behavior.

Suggested-by: Jarkko Sakkinen <jarkko@kernel.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: David Gstir <david@sigma-star.at>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Tested-by: Michael Walle <michael@walle.cc> # on ls1028a (non-E and E)
Tested-by: John Ernberg <john.ernberg@actia.se> # iMX8QXP
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

authored by Ahmad Fatoum and committed by Jarkko Sakkinen
fcd7c269 be07858f

+57 -10
+10
Documentation/admin-guide/kernel-parameters.txt
··· 5963 5963 first trust source as a backend which is initialized 5964 5964 successfully during iteration. 5965 5965 5966 + trusted.rng= [KEYS] 5967 + Format: <string> 5968 + The RNG used to generate key material for trusted keys. 5969 + Can be one of: 5970 + - "kernel" 5971 + - the same value as trusted.source: "tpm" or "tee" 5972 + - "default" 5973 + If not specified, "default" is used. In this case, 5974 + the RNG's choice is left to each individual trust source. 5975 + 5966 5976 tsc= Disable clocksource stability checks for TSC. 5967 5977 Format: <string> 5968 5978 [x86] reliable: mark tsc clocksource as reliable, this
+12 -8
Documentation/security/keys/trusted-encrypted.rst
··· 87 87 Trusted Keys 88 88 ------------ 89 89 90 - New keys are created from random numbers generated in the trust source. They 91 - are encrypted/decrypted using a child key in the storage key hierarchy. 92 - Encryption and decryption of the child key must be protected by a strong 93 - access control policy within the trust source. 90 + New keys are created from random numbers. They are encrypted/decrypted using 91 + a child key in the storage key hierarchy. Encryption and decryption of the 92 + child key must be protected by a strong access control policy within the 93 + trust source. The random number generator in use differs according to the 94 + selected trust source: 94 95 95 - * TPM (hardware device) based RNG 96 + * TPM: hardware device based RNG 96 97 97 - Strength of random numbers may vary from one device manufacturer to 98 - another. 98 + Keys are generated within the TPM. Strength of random numbers may vary 99 + from one device manufacturer to another. 99 100 100 - * TEE (OP-TEE based on Arm TrustZone) based RNG 101 + * TEE: OP-TEE based on Arm TrustZone based RNG 101 102 102 103 RNG is customizable as per platform needs. It can either be direct output 103 104 from platform specific hardware RNG or a software based Fortuna CSPRNG 104 105 which can be seeded via multiple entropy sources. 106 + 107 + Users may override this by specifying ``trusted.rng=kernel`` on the kernel 108 + command-line to override the used RNG with the kernel's random number pool. 105 109 106 110 Encrypted Keys 107 111 --------------
+1 -1
include/keys/trusted-type.h
··· 64 64 /* Unseal a key. */ 65 65 int (*unseal)(struct trusted_key_payload *p, char *datablob); 66 66 67 - /* Get a randomized key. */ 67 + /* Optional: Get a randomized key. */ 68 68 int (*get_random)(unsigned char *key, size_t key_len); 69 69 70 70 /* Exit key interface. */
+34 -1
security/keys/trusted-keys/trusted_core.c
··· 16 16 #include <linux/key-type.h> 17 17 #include <linux/module.h> 18 18 #include <linux/parser.h> 19 + #include <linux/random.h> 19 20 #include <linux/rcupdate.h> 20 21 #include <linux/slab.h> 21 22 #include <linux/static_call.h> 22 23 #include <linux/string.h> 23 24 #include <linux/uaccess.h> 25 + 26 + static char *trusted_rng = "default"; 27 + module_param_named(rng, trusted_rng, charp, 0); 28 + MODULE_PARM_DESC(rng, "Select trusted key RNG"); 24 29 25 30 static char *trusted_key_source; 26 31 module_param_named(source, trusted_key_source, charp, 0); ··· 317 312 }; 318 313 EXPORT_SYMBOL_GPL(key_type_trusted); 319 314 315 + static int kernel_get_random(unsigned char *key, size_t key_len) 316 + { 317 + return get_random_bytes_wait(key, key_len) ?: key_len; 318 + } 319 + 320 320 static int __init init_trusted(void) 321 321 { 322 + int (*get_random)(unsigned char *key, size_t key_len); 322 323 int i, ret = 0; 323 324 324 325 for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) { ··· 333 322 strlen(trusted_key_sources[i].name))) 334 323 continue; 335 324 325 + /* 326 + * We always support trusted.rng="kernel" and "default" as 327 + * well as trusted.rng=$trusted.source if the trust source 328 + * defines its own get_random callback. 329 + */ 330 + get_random = trusted_key_sources[i].ops->get_random; 331 + if (trusted_rng && strcmp(trusted_rng, "default")) { 332 + if (!strcmp(trusted_rng, "kernel")) { 333 + get_random = kernel_get_random; 334 + } else if (strcmp(trusted_rng, trusted_key_sources[i].name) || 335 + !get_random) { 336 + pr_warn("Unsupported RNG. 
Supported: kernel"); 337 + if (get_random) 338 + pr_cont(", %s", trusted_key_sources[i].name); 339 + pr_cont(", default\n"); 340 + return -EINVAL; 341 + } 342 + } 343 + 344 + if (!get_random) 345 + get_random = kernel_get_random; 346 + 336 347 static_call_update(trusted_key_init, 337 348 trusted_key_sources[i].ops->init); 338 349 static_call_update(trusted_key_seal, ··· 362 329 static_call_update(trusted_key_unseal, 363 330 trusted_key_sources[i].ops->unseal); 364 331 static_call_update(trusted_key_get_random, 365 - trusted_key_sources[i].ops->get_random); 332 + get_random); 366 333 static_call_update(trusted_key_exit, 367 334 trusted_key_sources[i].ops->exit); 368 335 migratable = trusted_key_sources[i].ops->migratable;
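Review bot: in the kernel-parameters.txt hunk, the description of "default" ("the RNG's choice is left to each individual trust source") does not cover the fallback the trusted_core.c hunk adds (`if (!get_random) get_random = kernel_get_random;`): a trust source with no get_random callback always uses the kernel RNG, whatever trusted.rng says. Suggest appending a line after the "default" explanation, e.g. "Trust sources that do not provide their own RNG use the kernel RNG."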
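Review bot: in the trusted-encrypted.rst hunk, the new sentence uses "override" twice ("Users may override this ... to override the used RNG"); suggest "Users may specify ``trusted.rng=kernel`` on the kernel command line to use the kernel's random number pool instead." The reworded TEE bullet "TEE: OP-TEE based on Arm TrustZone based RNG" also stacks two "based" clauses; "TEE: RNG provided by OP-TEE (based on Arm TrustZone)" reads more clearly and keeps the same meaning.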
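Review bot: in the trusted-type.h hunk, "Optional: Get a randomized key." should state what a NULL callback means now that trusted_core.c falls back to the kernel RNG in that case, and should record the return convention that kernel_get_random() mirrors (the number of bytes on success). Suggest: `/* Optional: Get a randomized key; returns key_len on success. Kernel RNG is used if NULL. */`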
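Review bot: in the kernel_get_random() hunk of trusted_core.c, `return get_random_bytes_wait(key, key_len) ?: key_len;` relies on the reader knowing that get_random_bytes_wait() returns 0 on success and a negative error otherwise, and that the existing callbacks return a byte count; a short comment would make that explicit, e.g. `/* get_random_bytes_wait() returns 0 or -errno; callers expect the byte count on success */`. Note also that key_len is size_t while the function returns int, so the conversion in the ?: expression is implicit; fine for key sizes here, but worth a cast to keep sparse/W=1 quiet.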
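Review bot: in the trusted.rng validation hunk of trusted_core.c, the rejection message does not show which value was rejected, which makes a mistyped command line hard to diagnose; suggest `pr_warn("Unsupported RNG '%s'. Supported: kernel", trusted_rng);` so the three-part pr_warn/pr_cont chain reports both the bad input and the accepted options. The `trusted_rng &&` guard is redundant since the variable is initialized to "default" and a charp module parameter is never NULL, but it is harmless.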