On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
> Hi Peter,
>
> On 16/07/2024 at 18:56, Peter Robinson wrote:
> > Hi Philippe,
> >
> > It might be useful to have a cover letter explaining what the plans
> > for this code are, great that there are tests but adding code in
> > without it being used isn't always a feature so a cover letter with
> > some details often helps with the context.
>
> You're right, I should have added a cover letter.
> My goal was to add key derivation and use this feature to fill a key
> manager,
> and then provide those keys (or some of them) to the kernel. So the kernel
> may (for example) add them in the KRS.
>
> Do you know if there is some work or interest in a key manager for u-boot
> please?
>
> > Also if you're not aware there's work to integrate MBedTLS [1] and I'm
> > not sure if that also may provide the functionality.
>
> Good point, I missed it. MBedTLS has the feature of key derivation.
> https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-new-key-from-an-existing-key
> So unless someone wants to use key derivation without all MBedTLS,
> this series is not very useful.

Unless you object, I would really prefer to have this be a feature U-Boot only has with MBedTLS enabled, as one of the goals with that integration is to have U-Boot leverage existing and well audited/monitored codebases for security sensitive code paths when possible.

--
Tom