diff options
| author | Daniel Golle <daniel@makrotopia.org> | 2022-03-21 01:16:48 +0000 |
|---|---|---|
| committer | Daniel Golle <daniel@makrotopia.org> | 2022-03-21 13:11:56 +0000 |
| commit | 786bf7fdaca4c75e7eba6e9aa3a8b5775fd21186 (patch) | |
| tree | 926fecb2b1f6ce1e42ba7ef4c7aab8e68dfd214c /target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch | |
| parent | 9470160c350d15f765c33d6c1db15d6c4709a64c (diff) | |
| download | upstream-786bf7fdaca4c75e7eba6e9aa3a8b5775fd21186.tar.gz upstream-786bf7fdaca4c75e7eba6e9aa3a8b5775fd21186.tar.bz2 upstream-786bf7fdaca4c75e7eba6e9aa3a8b5775fd21186.zip | |
kernel: delete Linux 5.4 config and patches
As the upcoming release will be based on Linux 5.10 only, remove all
kernel configuration as well as patches for Linux 5.4.
There were no targets still actively using Linux 5.4.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 3a14580411adfb75f9a44eded9f41245b9e44606)
Diffstat (limited to 'target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch')
| -rw-r--r-- | target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch | 162 |
1 files changed, 0 insertions, 162 deletions
diff --git a/target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch b/target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch deleted file mode 100644 index 3a354e1fa8..0000000000 --- a/target/linux/layerscape/patches-5.4/810-keys-0002-encrypted_keys-Adds-support-for-secure-key-type-as-m.patch +++ /dev/null @@ -1,162 +0,0 @@ -From a8b1717089d6d215a48bb2816dff4a02376f3d16 Mon Sep 17 00:00:00 2001 -From: Udit Agarwal <udit.agarwal@nxp.com> -Date: Wed, 4 Jul 2018 11:24:49 +0530 -Subject: [PATCH] encrypted_keys: Adds support for secure key-type as master - key. - -Encrypted keys can use secure key-type as master key along with -trusted/user keys. - -Secure key as master key uses, secure key type payload derieved -using CAAM hardware. - -Signed-off-by: Udit Agarwal <udit.agarwal@nxp.com> -Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com> ---- - MAINTAINERS | 1 + - security/keys/encrypted-keys/Makefile | 2 ++ - security/keys/encrypted-keys/encrypted.c | 13 +++++++-- - security/keys/encrypted-keys/encrypted.h | 13 +++++++++ - security/keys/encrypted-keys/masterkey_secure.c | 37 +++++++++++++++++++++++++ - 5 files changed, 64 insertions(+), 2 deletions(-) - create mode 100644 security/keys/encrypted-keys/masterkey_secure.c - ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -9085,6 +9085,7 @@ F: include/keys/secure-type.h - F: security/keys/secure_key.c - F: security/keys/securekey_desc.c - F: security/keys/securekey_desc.h -+F: security/keys/encrypted-keys/masterkey_secure.c - - KEYS/KEYRINGS: - M: David Howells <dhowells@redhat.com> ---- a/security/keys/encrypted-keys/Makefile -+++ b/security/keys/encrypted-keys/Makefile -@@ -7,5 +7,7 @@ obj-$(CONFIG_ENCRYPTED_KEYS) += encrypte - - encrypted-keys-y := encrypted.o ecryptfs_format.o - masterkey-$(CONFIG_TRUSTED_KEYS) := masterkey_trusted.o -+masterkey-$(CONFIG_SECURE_KEYS) := masterkey_secure.o - masterkey-$(CONFIG_TRUSTED_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_trusted.o -+masterkey-$(CONFIG_SECURE_KEYS)-$(CONFIG_ENCRYPTED_KEYS) := masterkey_secure.o - encrypted-keys-y += $(masterkey-y) $(masterkey-m-m) ---- a/security/keys/encrypted-keys/encrypted.c -+++ b/security/keys/encrypted-keys/encrypted.c -@@ -36,6 +36,7 @@ - #include "ecryptfs_format.h" - - static const char KEY_TRUSTED_PREFIX[] = "trusted:"; -+static const char KEY_SECURE_PREFIX[] = "secure:"; - static const char KEY_USER_PREFIX[] = "user:"; - static const char hash_alg[] = "sha256"; - static const char hmac_alg[] = "hmac(sha256)"; -@@ -47,6 +48,7 @@ static unsigned int ivsize; - static int blksize; - - #define KEY_TRUSTED_PREFIX_LEN (sizeof (KEY_TRUSTED_PREFIX) - 1) -+#define KEY_SECURE_PREFIX_LEN (sizeof(KEY_SECURE_PREFIX) - 1) - #define KEY_USER_PREFIX_LEN (sizeof (KEY_USER_PREFIX) - 1) - #define KEY_ECRYPTFS_DESC_LEN 16 - #define HASH_SIZE SHA256_DIGEST_SIZE -@@ -125,7 +127,7 @@ static int valid_ecryptfs_desc(const cha - /* - * valid_master_desc - verify the 'key-type:desc' of a new/updated master-key - * -- * key-type:= "trusted:" | "user:" -+ * key-type:= "trusted:" | "user:" | "secure:" - * desc:= master-key description - * - * Verify that 'key-type' is valid and that 'desc' exists. On key update, -@@ -140,6 +142,8 @@ static int valid_master_desc(const char - - if (!strncmp(new_desc, KEY_TRUSTED_PREFIX, KEY_TRUSTED_PREFIX_LEN)) - prefix_len = KEY_TRUSTED_PREFIX_LEN; -+ else if (!strncmp(new_desc, KEY_SECURE_PREFIX, KEY_SECURE_PREFIX_LEN)) -+ prefix_len = KEY_SECURE_PREFIX_LEN; - else if (!strncmp(new_desc, KEY_USER_PREFIX, KEY_USER_PREFIX_LEN)) - prefix_len = KEY_USER_PREFIX_LEN; - else -@@ -358,7 +362,7 @@ static int calc_hmac(u8 *digest, const u - - enum derived_key_type { ENC_KEY, AUTH_KEY }; - --/* Derive authentication/encryption key from trusted key */ -+/* Derive authentication/encryption key from trusted/secure key */ - static int get_derived_key(u8 *derived_key, enum derived_key_type key_type, - const u8 *master_key, size_t master_keylen) - { -@@ -429,6 +433,11 @@ static struct key *request_master_key(st - mkey = request_trusted_key(epayload->master_desc + - KEY_TRUSTED_PREFIX_LEN, - master_key, master_keylen); -+ } else if (!strncmp(epayload->master_desc, KEY_SECURE_PREFIX, -+ KEY_SECURE_PREFIX_LEN)) { -+ mkey = request_secure_key(epayload->master_desc + -+ KEY_SECURE_PREFIX_LEN, -+ master_key, master_keylen); - } else if (!strncmp(epayload->master_desc, KEY_USER_PREFIX, - KEY_USER_PREFIX_LEN)) { - mkey = request_user_key(epayload->master_desc + ---- a/security/keys/encrypted-keys/encrypted.h -+++ b/security/keys/encrypted-keys/encrypted.h -@@ -16,6 +16,19 @@ static inline struct key *request_truste - } - #endif - -+#if defined(CONFIG_SECURE_KEYS) -+extern struct key *request_secure_key(const char *secure_desc, -+ const u8 **master_key, -+ size_t *master_keylen); -+#else -+static inline struct key *request_secure_key(const char *secure_desc, -+ const u8 **master_key, -+ size_t *master_keylen) -+{ -+ return ERR_PTR(-EOPNOTSUPP); -+} -+#endif -+ - #if ENCRYPTED_DEBUG - static inline void dump_master_key(const u8 *master_key, size_t master_keylen) - { ---- /dev/null -+++ b/security/keys/encrypted-keys/masterkey_secure.c -@@ -0,0 +1,37 @@ -+// SPDX-License-Identifier: GPL-2.0 -+/* -+ * Copyright (C) 2018 NXP. -+ * -+ */ -+ -+#include <linux/uaccess.h> -+#include <linux/module.h> -+#include <linux/err.h> -+#include <keys/secure-type.h> -+#include <keys/encrypted-type.h> -+#include "encrypted.h" -+ -+/* -+ * request_secure_key - request the secure key -+ * -+ * Secure keys and their blobs are derived from CAAM hardware. -+ * Userspace manages secure key-type data, but key data is not -+ * visible in plain form. It is presented as blobs. -+ */ -+struct key *request_secure_key(const char *secure_desc, -+ const u8 **master_key, size_t *master_keylen) -+{ -+ struct secure_key_payload *spayload; -+ struct key *skey; -+ -+ skey = request_key(&key_type_secure, secure_desc, NULL); -+ if (IS_ERR(skey)) -+ goto error; -+ -+ down_read(&skey->sem); -+ spayload = skey->payload.data[0]; -+ *master_key = spayload->key; -+ *master_keylen = spayload->key_len; -+error: -+ return skey; -+} |