[PATCH 1/4] lib: sha256: add feature sha256_hmac

Tom Rini trini at konsulko.com
Wed Jul 17 19:58:06 CEST 2024


On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
> Hi Peter,
> 
> On 16/07/2024 at 18:56, Peter Robinson wrote:
> > Hi Philippe,
> > 
> > It might be useful to have a cover letter explaining what the plans
> > for this code are, great that there are tests but adding code in
> > without it being used isn't always a feature so a cover letter with
> > some details often helps with the context.
> 
> You're right, I should have added a cover letter.
> My goal was to add key derivation and use this feature to fill a key
> manager, and then provide those keys (or some of them) to the kernel.
> So the kernel may (for example) add them in the KRS.
> 
> Do you know if there is some work or interest in a key manager for u-boot,
> please?
> 
> > 
> > Also if you're not aware there's work to integrate MBedTLS [1] and I'm
> > not sure if that also may provide the functionality.
> 
> Good point, I missed it. MBedTLS has the feature of key derivation.
> https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-new-key-from-an-existing-key
> So unless someone wants to use key derivation without all MBedTLS,
> this series is not very useful.

Unless you object, I would really prefer to have this be a feature
U-Boot only has with MBedTLS enabled, as one of the goals with that
integration is to have U-Boot leverage existing and well
audited/monitored codebases for security sensitive code paths when
possible.

-- 
Tom