~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/security/keys/trusted-encrypted.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/security/keys/trusted-encrypted.rst (Version linux-6.12-rc7) and /Documentation/security/keys/trusted-encrypted.rst (Version linux-4.4.302)


  1 ==========================                        
  2 Trusted and Encrypted Keys                        
  3 ==========================                        
  4                                                   
  5 Trusted and Encrypted Keys are two new key typ    
  6 key ring service.  Both of these new types are    
  7 and in both cases all keys are created in the     
  8 stores, and loads only encrypted blobs.  Trust    
  9 of a Trust Source for greater security, while     
 10 system. All user level blobs, are displayed an    
 11 convenience, and are integrity verified.          
 12                                                   
 13                                                   
 14 Trust Source                                      
 15 ============                                      
 16                                                   
 17 A trust source provides the source of security    
 18 section lists currently supported trust source    
 19 considerations.  Whether or not a trust source    
 20 on the strength and correctness of its impleme    
 21 environment for a specific use case.  Since th    
 22 environment is, and there is no metric of trus    
 23 consumer of the Trusted Keys to determine if t    
 24 safe.                                             
 25                                                   
 26   *  Root of trust for storage                    
 27                                                   
 28      (1) TPM (Trusted Platform Module: hardwar    
 29                                                   
 30          Rooted to Storage Root Key (SRK) whic    
 31          provides crypto operation to establis    
 32                                                   
 33      (2) TEE (Trusted Execution Environment: O    
 34                                                   
 35          Rooted to Hardware Unique Key (HUK) w    
 36          fuses and is accessible to TEE only.     
 37                                                   
 38      (3) CAAM (Cryptographic Acceleration and     
 39                                                   
 40          When High Assurance Boot (HAB) is ena    
 41          mode, trust is rooted to the OTPMK, a    
 42          randomly generated and fused into eac    
 43          Otherwise, a common fixed test key is    
 44                                                   
 45      (4) DCP (Data Co-Processor: crypto accele    
 46                                                   
 47          Rooted to a one-time programmable key    
 48          in the on-chip fuses and is accessibl    
 49          DCP provides two keys that can be use    
 50          and the UNIQUE key. Default is to use    
 51          the OTP key can be done via a module     
 52                                                   
 53   *  Execution isolation                          
 54                                                   
 55      (1) TPM                                      
 56                                                   
 57          Fixed set of operations running in is    
 58                                                   
 59      (2) TEE                                      
 60                                                   
 61          Customizable set of operations runnin    
 62          environment verified via Secure/Trust    
 63                                                   
 64      (3) CAAM                                     
 65                                                   
 66          Fixed set of operations running in is    
 67                                                   
 68      (4) DCP                                      
 69                                                   
 70          Fixed set of cryptographic operations    
 71          environment. Only basic blob key encr    
 72          The actual key sealing/unsealing is d    
 73                                                   
 74   * Optional binding to platform integrity sta    
 75                                                   
 76      (1) TPM                                      
 77                                                   
 78          Keys can be optionally sealed to spec    
 79          values, and only unsealed by the TPM,    
 80          verifications match. A loaded Trusted    
 81          (future) PCR values, so keys are easi    
 82          such as when the kernel and initramfs    
 83          have many saved blobs under different    
 84          easily supported.                        
 85                                                   
 86      (2) TEE                                      
 87                                                   
 88          Relies on Secure/Trusted boot process    
 89          be extended with TEE based measured b    
 90                                                   
 91      (3) CAAM                                     
 92                                                   
 93          Relies on the High Assurance Boot (HA    
 94          for platform integrity.                  
 95                                                   
 96      (4) DCP                                      
 97                                                   
 98          Relies on Secure/Trusted boot process    
 99          platform integrity.                      
100                                                   
101   *  Interfaces and APIs                          
102                                                   
103      (1) TPM                                      
104                                                   
105          TPMs have well-documented, standardiz    
106                                                   
107      (2) TEE                                      
108                                                   
109          TEEs have well-documented, standardiz    
110          more details refer to ``Documentation    
111                                                   
112      (3) CAAM                                     
113                                                   
114          Interface is specific to silicon vend    
115                                                   
116      (4) DCP                                      
117                                                   
118          Vendor-specific API that is implement    
119          ``drivers/crypto/mxs-dcp.c``.            
120                                                   
121   *  Threat model                                 
122                                                   
123      The strength and appropriateness of a par    
124      purpose must be assessed when using them     
125                                                   
126                                                   
127 Key Generation                                    
128 ==============                                    
129                                                   
130 Trusted Keys                                      
131 ------------                                      
132                                                   
133 New keys are created from random numbers. They    
134 a child key in the storage key hierarchy. Encr    
135 child key must be protected by a strong access    
136 trust source. The random number generator in u    
137 selected trust source:                            
138                                                   
139   *  TPM: hardware device based RNG               
140                                                   
141      Keys are generated within the TPM. Streng    
142      from one device manufacturer to another.     
143                                                   
144   *  TEE: OP-TEE based on Arm TrustZone based     
145                                                   
146      RNG is customizable as per platform needs    
147      from platform specific hardware RNG or a     
148      which can be seeded via multiple entropy     
149                                                   
150   *  CAAM: Kernel RNG                             
151                                                   
152      The normal kernel random number generator    
153      CAAM HWRNG, enable CRYPTO_DEV_FSL_CAAM_RN    
154      is probed.                                   
155                                                   
156   *  DCP (Data Co-Processor: crypto accelerato    
157                                                   
158      The DCP hardware device itself does not p    
159      so the kernel default RNG is used. SoCs w    
160      a dedicated hardware RNG that is independ    
161      to back the kernel RNG.                      
162                                                   
163 Users may override this by specifying ``truste    
164 command-line to override the used RNG with the    
165                                                   
166 Encrypted Keys                                    
167 --------------                                    
168                                                   
169 Encrypted keys do not depend on a trust source    
170 for encryption/decryption. New keys are create    
171 random numbers or user-provided decrypted data    
172 using a specified ‘master’ key. The ‘mas    
173 user-key type. The main disadvantage of encryp    
174 rooted in a trusted key, they are only as secu    
175 them. The master user key should therefore be     
176 possible, preferably early in boot.               
177                                                   
178                                                   
179 Usage                                             
180 =====                                             
181                                                   
182 Trusted Keys usage: TPM                           
183 -----------------------                           
184                                                   
185 TPM 1.2: By default, trusted keys are sealed u    
186 default authorization value (20 bytes of 0s).     
187 time with the TrouSerS utility: "tpm_takeowner    
188                                                   
189 TPM 2.0: The user must first create a storage     
190 key is available after reboot. This can be don    
191                                                   
192 With the IBM TSS 2 stack::                        
193                                                   
194   #> tsscreateprimary -hi o -st                   
195   Handle 80000000                                 
196   #> tssevictcontrol -hi o -ho 80000000 -hp 81    
197                                                   
198 Or with the Intel TSS 2 stack::                   
199                                                   
200   #> tpm2_createprimary --hierarchy o -G rsa20    
201   [...]                                           
202   #> tpm2_evictcontrol -c key.ctxt 0x81000001     
203   persistentHandle: 0x81000001                    
204                                                   
205 Usage::                                           
206                                                   
207     keyctl add trusted name "new keylen [optio    
208     keyctl add trusted name "load hex_blob [pc    
209     keyctl update key "update [options]"          
210     keyctl print keyid                            
211                                                   
212     options:                                      
213        keyhandle=    ascii hex value of sealin    
214                        TPM 1.2: default 0x4000    
215                        TPM 2.0: no default; mu    
216        keyauth=      ascii hex auth for sealin    
217                      (40 ascii zeros)             
218        blobauth=     ascii hex auth for sealed    
219                      (40 ascii zeros)             
220        pcrinfo=      ascii hex of PCR_INFO or     
221        pcrlock=      pcr number to be extended    
222        migratable=   0|1 indicating permission    
223                      default 1 (resealing allo    
224        hash=         hash algorithm name as a     
225                      allowed value is sha1. Fo    
226                      are sha1, sha256, sha384,    
227        policydigest= digest for the authorizat    
228                      with the same hash algori    
229                      option.                      
230        policyhandle= handle to an authorizatio    
231                      same policy and with the     
232                      seal the key.                
233                                                   
234 "keyctl print" returns an ascii hex copy of th    
235 TPM_STORED_DATA format.  The key length for ne    
236 Trusted Keys can be 32 - 128 bytes (256 - 1024    
237 within the 2048 bit SRK (RSA) keylength, with     
238                                                   
239 Trusted Keys usage: TEE                           
240 -----------------------                           
241                                                   
242 Usage::                                           
243                                                   
244     keyctl add trusted name "new keylen" ring     
245     keyctl add trusted name "load hex_blob" ri    
246     keyctl print keyid                            
247                                                   
248 "keyctl print" returns an ASCII hex copy of th    
249 specific to TEE device implementation.  The ke    
250 in bytes. Trusted Keys can be 32 - 128 bytes (    
251                                                   
252 Trusted Keys usage: CAAM                          
253 ------------------------                          
254                                                   
255 Usage::                                           
256                                                   
257     keyctl add trusted name "new keylen" ring     
258     keyctl add trusted name "load hex_blob" ri    
259     keyctl print keyid                            
260                                                   
261 "keyctl print" returns an ASCII hex copy of th    
262 CAAM-specific format.  The key length for new     
263 Trusted Keys can be 32 - 128 bytes (256 - 1024    
264                                                   
265 Trusted Keys usage: DCP                           
266 -----------------------                           
267                                                   
268 Usage::                                           
269                                                   
270     keyctl add trusted name "new keylen" ring     
271     keyctl add trusted name "load hex_blob" ri    
272     keyctl print keyid                            
273                                                   
274 "keyctl print" returns an ASCII hex copy of th    
275 specific to this DCP key-blob implementation.     
276 always in bytes. Trusted Keys can be 32 - 128     
277                                                   
278 Encrypted Keys usage                              
279 --------------------                              
280                                                   
281 The decrypted portion of encrypted keys can co    
282 key or a more complex structure. The format of    
283 application specific, which is identified by '    
284                                                   
285 Usage::                                           
286                                                   
287     keyctl add encrypted name "new [format] ke    
288         ring                                      
289     keyctl add encrypted name "new [format] ke    
290         decrypted-data" ring                      
291     keyctl add encrypted name "load hex_blob"     
292     keyctl update keyid "update key-type:maste    
293                                                   
294 Where::                                           
295                                                   
296         format:= 'default | ecryptfs | enc32'     
297         key-type:= 'trusted' | 'user'             
298                                                   
299 Examples of trusted and encrypted key usage       
300 -------------------------------------------       
301                                                   
302 Create and save a trusted key named "kmk" of l    
303                                                   
304 Note: When using a TPM 2.0 with a persistent k    
305 append 'keyhandle=0x81000001' to statements be    
306 "new 32 keyhandle=0x81000001".                    
307                                                   
308 ::                                                
309                                                   
310     $ keyctl add trusted kmk "new 32" @u          
311     440502848                                     
312                                                   
313     $ keyctl show                                 
314     Session Keyring                               
315            -3 --alswrv    500   500  keyring:     
316      97833714 --alswrv    500    -1   \_ keyri    
317     440502848 --alswrv    500   500       \_ t    
318                                                   
319     $ keyctl print 440502848                      
320     0101000000000000000001005d01b7e3f4a6be5709    
321     3f60da455bbf1144ad12e4f92b452f966929f6105f    
322     27351119f822911b0a11ba3d3498ba6a32e50dac7f    
323     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62ca    
324     d568bd4a706cb60bb37be6d8f1240661199d640b66    
325     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471    
326     f1f8fff03ad0acb083725535636addb08d73dedb98    
327     e4a8aea2b607ec96931e6f4d4fe563ba              
328                                                   
329     $ keyctl pipe 440502848 > kmk.blob            
330                                                   
331 Load a trusted key from the saved blob::          
332                                                   
333     $ keyctl add trusted kmk "load `cat kmk.bl    
334     268728824                                     
335                                                   
336     $ keyctl print 268728824                      
337     0101000000000000000001005d01b7e3f4a6be5709    
338     3f60da455bbf1144ad12e4f92b452f966929f6105f    
339     27351119f822911b0a11ba3d3498ba6a32e50dac7f    
340     a52e56a097e6a68b3f56f7a52ece0cdccba1eb62ca    
341     d568bd4a706cb60bb37be6d8f1240661199d640b66    
342     dd379f0facd1cd020281dfa3c70ba21a3fa6fc2471    
343     f1f8fff03ad0acb083725535636addb08d73dedb98    
344     e4a8aea2b607ec96931e6f4d4fe563ba              
345                                                   
346 Reseal (TPM specific) a trusted key under new     
347                                                   
348     $ keyctl update 268728824 "update pcrinfo=    
349     $ keyctl print 268728824                      
350     010100000000002c0002800093c35a09b70fff26e7    
351     77c8a6377aed9d3219c6dfec4b23ffe3000001005d    
352     d3a076c0858f6f1dcaa39ea0f119911ff03f5406df    
353     df449f266253aa3f52e55c53de147773e00f0f9aca    
354     9638c5ae99c89de1e0997242edfb0b501744e11ff9    
355     e782c29435c7ec2edafaa2f4c1fe6e7a781b59549f    
356     94bc67ede19e43ddb9dc2baacad374a36feaf0314d    
357     7ef6a24defe4846104209bf0c3eced7fa1a672ed5b    
358     df8ae9a178e9f83ba9f08d10fa47e4226b98b0702f    
359                                                   
360                                                   
361 The initial consumer of trusted keys is EVM, w    
362 quality symmetric key for HMAC protection of f    
363 trusted key provides strong guarantees that th    
364 compromised by a user level problem, and when     
365 state, protects against boot and offline attac    
366 encrypted key "evm" using the above trusted ke    
367                                                   
368 option 1: omitting 'format'::                     
369                                                   
370     $ keyctl add encrypted evm "new trusted:km    
371     159771175                                     
372                                                   
373 option 2: explicitly defining 'format' as 'def    
374                                                   
375     $ keyctl add encrypted evm "new default tr    
376     159771175                                     
377                                                   
378     $ keyctl print 159771175                      
379     default trusted:kmk 32 2375725ad57798846a9    
380     82dbbc55be2a44616e4959430436dc4f2a7a9659aa    
381     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc    
382                                                   
383     $ keyctl pipe 159771175 > evm.blob            
384                                                   
385 Load an encrypted key "evm" from saved blob::     
386                                                   
387     $ keyctl add encrypted evm "load `cat evm.    
388     831684262                                     
389                                                   
390     $ keyctl print 831684262                      
391     default trusted:kmk 32 2375725ad57798846a9    
392     82dbbc55be2a44616e4959430436dc4f2a7a9659aa    
393     24717c64 5972dcb82ab2dde83376d82b2e3c09ffc    
394                                                   
395 Instantiate an encrypted key "evm" using user-    
396                                                   
397     $ evmkey=$(dd if=/dev/urandom bs=1 count=3    
398     $ keyctl add encrypted evm "new default us    
399     794890253                                     
400                                                   
401     $ keyctl print 794890253                      
402     default user:kmk 32 2375725ad57798846a9bbd    
403     bbc55be2a44616e4959430436dc4f2a7a9659aa60b    
404     17c64 5972dcb82ab2dde83376d82b2e3c09ffc       
405                                                   
406 Other uses for trusted and encrypted keys, suc    
407 are anticipated.  In particular the new format    
408 in order to use encrypted keys to mount an eCr    
409 about the usage can be found in the file          
410 ``Documentation/security/keys/ecryptfs.rst``.     
411                                                   
412 Another new format 'enc32' has been defined in    
413 with payload size of 32 bytes. This will initi    
414 but may expand to other usages that require 32    
415                                                   
416                                                   
417 TPM 2.0 ASN.1 Key Format                          
418 ------------------------                          
419                                                   
420 The TPM 2.0 ASN.1 key format is designed to be    
421 even in binary form (fixing a problem we had w    
422 format) and to be extensible for additions lik    
423 policy::                                          
424                                                   
425     TPMKey ::= SEQUENCE {                         
426         type            OBJECT IDENTIFIER         
427         emptyAuth       [0] EXPLICIT BOOLEAN O    
428         parent          INTEGER                   
429         pubkey          OCTET STRING              
430         privkey         OCTET STRING              
431     }                                             
432                                                   
433 type is what distinguishes the key even in bin    
434 is provided by the TCG to be unique and thus f    
435 binary pattern at offset 3 in the key.  The OI    
436 available are::                                   
437                                                   
438     2.23.133.10.1.3 TPM Loadable key.  This is    
439                     RSA2048 or Elliptic Curve)    
440                     TPM2_Load() operation.        
441                                                   
442     2.23.133.10.1.4 TPM Importable Key.  This     
443                     RSA2048 or Elliptic Curve)    
444                     TPM2_Import() operation.      
445                                                   
446     2.23.133.10.1.5 TPM Sealed Data.  This is     
447                     bytes) which is sealed by     
448                     represents a symmetric key    
449                     use.                          
450                                                   
451 The trusted key code only uses the TPM Sealed     
452                                                   
453 emptyAuth is true if the key has well known au    
454 is false or not present, the key requires an e    
455 phrase.  This is used by most user space consu    
456 to prompt for a password.                         
457                                                   
458 parent represents the parent key handle, eithe    
459 like 0x81000001 for the RSA primary storage ke    
460 also support specifying the primary handle in     
461 this happens the Elliptic Curve variant of the    
462 TCG defined template will be generated on the     
463 object and used as the parent.  The current ke    
464 the 0x81 MSO form.                                
465                                                   
466 pubkey is the binary representation of TPM2B_P    
467 initial TPM2B header, which can be reconstruct    
468 string length.                                    
469                                                   
470 privkey is the binary representation of TPM2B_    
471 initial TPM2B header which can be reconstructe    
472 string length.                                    
473                                                   
474 DCP Blob Format                                   
475 ---------------                                   
476                                                   
477 .. kernel-doc:: security/keys/trusted-keys/tru    
478    :doc: dcp blob format                          
479                                                   
480 .. kernel-doc:: security/keys/trusted-keys/tru    
481    :identifiers: struct dcp_blob_fmt              
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php