
Hi Tom,
On 17/07/2024 at 19:58, Tom Rini wrote:
On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
Hi Peter,
On 16/07/2024 at 18:56, Peter Robinson wrote:
Hi Philippe,
It might be useful to have a cover letter explaining what the plans for this code are, great that there are tests but adding code in without it being used isn't always a feature so a cover letter with some details often helps with the context.
You're right, I should have added a cover letter. My goal was to add key derivation and use this feature to fill a key manager, and then provide those keys (or some of them) to the kernel. So the kernel may (for example) add them in the KRS.
Do you know if there is any work on or interest in a key manager for u-boot, please?
Also if you're not aware there's work to integrate MBedTLS [1] and I'm not sure if that also may provide the functionality.
Good point, I missed it. MBedTLS has the feature of key derivation. https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-ne... So unless someone wants to use key derivation without all of MBedTLS, this series is not very useful.
Unless you object, I would really prefer to have this be a feature U-Boot only has with MBedTLS enabled, as one of the goals with that integration is to have U-Boot leverage existing and well audited/monitored codebases for security sensitive code paths when possible.
I don't object, I also think that a feature should only be implemented once. I just have a question on this topic: I am planning to use a key manager in u-boot. Do you think a key manager would be nice in u-boot, and has someone already planned to work on this topic, please?
Regards, Philippe