[PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted keys
Jarkko Sakkinen
jarkko at kernel.org
Mon Mar 11 13:07:19 PDT 2024
On Fri Mar 8, 2024 at 9:17 AM EET, David Gstir wrote:
> Hi Jarkko,
>
> > On 07.03.2024, at 20:30, Jarkko Sakkinen <jarkko at kernel.org> wrote:
>
> [...]
>
> >> +
> >> +static int trusted_dcp_init(void)
> >> +{
> >> + int ret;
> >> +
> >> + if (use_otp_key)
> >> + pr_info("Using DCP OTP key\n");
> >> +
> >> + ret = test_for_zero_key();
> >> + if (ret) {
> >> + pr_err("Test for zero'ed keys failed: %i\n", ret);
> >
> > I'm not sure whether this should err or warn.
> >
> > What sort of situations can cause the test the fail (e.g.
> > adversary/interposer, bad configuration etc.).
>
> This occurs when the hardware is not in "secure mode". I.e. it’s a bad configuration issue.
> Once the board is properly configured, this will never trigger again.
> Do you think a warning is better for this then?
Bad configuration is not unexpected configuration so it cannot possibly
be an error situation as far as Linux is considered. So warning is
appropriate here I'd figure.
BR, Jarkko
More information about the linux-arm-kernel
mailing list