Hi Tom,
On 17/07/2024 at 19:58, Tom Rini wrote:
On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
Hi Peter,
On 16/07/2024 at 18:56, Peter Robinson wrote:
Hi Philippe,
It might be useful to have a cover letter explaining what the plans
for this code are, great that there are tests but adding code in
without it being used isn't always a feature so a cover letter with
some details often helps with the context.
You're right, I should have added a cover letter.
My goal was to add key derivation and use this feature to fill a key manager,
and then provide those keys (or some of them) to the kernel. So the kernel
may (for example) add them in the KRS.
Do you know if there is some work or interest in a key manager for u-boot,
please?
Also if you're not aware there's work to integrate MBedTLS [1] and I'm
not sure if that also may provide the functionality.
Good point, I missed it. MBedTLS has the feature of key derivation.
https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-new-key-from-an-existing-key
So unless someone wants to use key derivation without all MBedTLS,
this series is not very useful.
Unless you object, I would really prefer to have this be a feature
U-Boot only has with MBedTLS enabled as one of the goals with that
integration is to have U-Boot leverage existing and well
audited/monitored codebases for security sensitive code paths when
possible.
I don't object, I also think that a feature should be only
implemented once.
I just have a question on this topic: I am planning to use
a key manager in u-boot. Do you think a key manager would
be nice in u-boot, and has someone already planned to work
on this topic, please?
Regards,
Philippe