From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: "Marek Behún" <kabel@kernel.org>
Cc: "Gregory CLEMENT" <gregory.clement@bootlin.com>,
"Arnd Bergmann" <arnd@arndb.de>,
soc@kernel.org, arm@kernel.org,
"Andy Shevchenko" <andy@kernel.org>,
"Hans de Goede" <hdegoede@redhat.com>,
"Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>,
linux-crypto@vger.kernel.org,
"Dan Carpenter" <dan.carpenter@linaro.org>
Subject: Re: [PATCH v10 7/9] platform: cznic: turris-omnia-mcu: Add support for digital message signing via debugfs
Date: Fri, 10 May 2024 13:52:08 +0100 [thread overview]
Message-ID: <2024051042-unbuckled-barometer-1099@gregkh> (raw)
In-Reply-To: <20240510135020.06aff350@dellmb>
On Fri, May 10, 2024 at 01:50:20PM +0200, Marek Behún wrote:
> On Fri, 10 May 2024 12:37:04 +0100
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
>
> > On Fri, May 10, 2024 at 01:31:58PM +0200, Marek Behún wrote:
> > > On Fri, 10 May 2024 11:52:56 +0100
> > > Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> > >
> > > > On Fri, May 10, 2024 at 12:18:17PM +0200, Marek Behún wrote:
> > > > > Add support for digital message signing with private key stored in the
> > > > > MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created
> > > > > when manufactured. The private key is not readable from the MCU, but
> > > > > MCU allows for signing messages with it and retrieving the public key.
> > > > >
> > > > > As described in a similar commit 50524d787de3 ("firmware:
> > > > > turris-mox-rwtm: support ECDSA signatures via debugfs"):
> > > > > The optimal solution would be to register an akcipher provider via
> > > > > kernel's crypto API, but crypto API does not yet support accessing
> > > > > akcipher API from userspace (and probably won't for some time, see
> > > > > https://www.spinics.net/lists/linux-crypto/msg38388.html).
> > > > >
> > > > > Therefore we add support for accessing this signature generation
> > > > > mechanism via debugfs for now, so that userspace can access it.
> > > >
> > > > Having a "real" user/kernel api in debugfs feels wrong here, why would
> > > > you not do this properly? On most, if not all, systems, debugfs is
> > > > locked down so you do not have access to it, as it is only there for
> > > > debugging. So how is a user supposed to use this feature if they can't
> > > > get access to it?
> > > >
> > > > And debugfs files can be changed at any time, so how can you ensure that
> > > > your new api will always be there?
> > > >
> > > > In other words, please solve this properly, do not just add a hack into
> > > > debugfs that no one can use as that is not a good idea.
> > >
> > > Hi Greg,
> > >
> > > this is the same thing we discussed 5 years ago, I wanted to implement
> > > it via crypto's akcipher, but was refused due to
> > > https://www.spinics.net/lists/linux-crypto/msg38388.html
> > >
> > > I've then exposed this via debugfs in the turris-mox-rwtm driver 4
> > > years ago, and we have supported this in our utility scripts, with the
> > > plan that to reimplement it in the kernel via the correct ABI once
> > > akcipher (or other ABI) is available to userspace, but AFAIK after 5
> > > years this is still not the case :-(
> > >
> > > If not debugfs and not akcipher, another option is to expose this via
> > > sysfs, but that also doesn't seem right, and if I recall correctly you
> > > also disapproved of this 5 years ago.
> >
> > Yeah, sysfs is not ok for this either.
> >
> > > The last option would be to create another device, something like
> > > /dev/turris-crypto for this. I wanted to avoid that and wait for
> > > akcipher to be exposed do crypto since another /dev device must be
> > > supported forever, while debugfs implementation can be removed once
> > > this is supported via standardized ABI.
> > >
> > > Do you have any suggestions?
> >
> > Not really, I can't see the link above (no internet connection right
> > now) but this should just be fixed properly at the crypto subsystem
> > instead of these horrible debugfs hacks.
> >
> > thanks,
> >
> > greg k-h
>
> The mail is from Herbert Xu and it says the following:
>
> The akcipher kernel API is still in a state of flux. See the
> recent work on ecrdsa for example which affected the RSA API.
>
> Until that settles down I will not allow akcipher to be exported
> through af_alg as that would commit us to that API forever.
5 years is a long time for "in a state of flux", perhaps work on getting
that fixed up now that things are settled down?
thanks,
greg k-h
prev parent reply other threads:[~2024-05-10 12:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-10 10:18 [PATCH v10 0/9] Turris Omnia MCU driver Marek Behún
2024-05-10 10:18 ` [PATCH v10 6/9] platform: cznic: turris-omnia-mcu: Add support for MCU provided TRNG Marek Behún
2024-05-10 10:18 ` [PATCH v10 7/9] platform: cznic: turris-omnia-mcu: Add support for digital message signing via debugfs Marek Behún
2024-05-10 10:52 ` Greg Kroah-Hartman
2024-05-10 11:31 ` Marek Behún
2024-05-10 11:37 ` Greg Kroah-Hartman
2024-05-10 11:50 ` Marek Behún
2024-05-10 12:52 ` Greg Kroah-Hartman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024051042-unbuckled-barometer-1099@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=andy@kernel.org \
--cc=arm@kernel.org \
--cc=arnd@arndb.de \
--cc=dan.carpenter@linaro.org \
--cc=gregory.clement@bootlin.com \
--cc=hdegoede@redhat.com \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=kabel@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=soc@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).