
On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
Hi Peter,
On 16/07/2024 at 18:56, Peter Robinson wrote:
Hi Philippe,
It might be useful to have a cover letter explaining what the plans for this code are, great that there are tests but adding code in without it being used isn't always a feature so a cover letter with some details often helps with the context.
You're right, I should have added a cover letter. My goal was to add key derivation and use this feature to fill a key manager, and then provide those keys (or some of them) to the kernel. So the kernel may (for example) add them in the KRS.
Do you know if there is some work or interest in a key manager for U-Boot, please?
Also if you're not aware there's work to integrate MBedTLS [1] and I'm not sure if that also may provide the functionality.
Good point, I missed it. MBedTLS has the feature of key derivation. https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-ne... So unless someone wants to use key derivation without all of MBedTLS, this series is not very useful.
Unless you object, I would really prefer to have this be a feature U-Boot only has with MBedTLS enabled, as one of the goals with that integration is to have U-Boot leverage existing and well audited/monitored codebases for security sensitive code paths when possible.