[PATCH] crypto: mxs-dcp: Enable user-space access to AES with hardware-bound keys
Herbert Xu
herbert at gondor.apana.org.au
Sat Sep 14 01:35:02 PDT 2024
On Fri, Sep 13, 2024 at 12:58:21PM +0200, Tomas Paukrt wrote:
> Add an option to enable user-space access to cbc(paes) and ecb(paes)
> cipher algorithms via AF_ALG.
>
> Signed-off-by: Tomas Paukrt <tomaspaukrt at email.cz>
> ---
> drivers/crypto/Kconfig | 13 +++++++++++++
> drivers/crypto/mxs-dcp.c | 8 ++++++++
> 2 files changed, 21 insertions(+)
>
> diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
> index 94f23c6..4637c6f 100644
> --- a/drivers/crypto/Kconfig
> +++ b/drivers/crypto/Kconfig
> @@ -460,6 +460,19 @@ config CRYPTO_DEV_MXS_DCP
> To compile this driver as a module, choose M here: the module
> will be called mxs-dcp.
>
> +config CRYPTO_DEV_MXS_DCP_USER_PAES
> + bool "Enable user-space access to AES with hardware-bound keys"
> + depends on CRYPTO_DEV_MXS_DCP && CRYPTO_USER_API_SKCIPHER
> + default n
> + help
> + Say Y to enable user-space access to cbc(paes) and ecb(paes)
> + cipher algorithms via AF_ALG.
> +
> + In scenarios with untrustworthy users-pace, this may enable
> + decryption of sensitive information.
> +
> + If unsure, say N.
> +
Why not just expose it uncondtionally?
Cheers,
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the linux-arm-kernel
mailing list