[PATCH 1/4] lib: sha256: add feature sha256_hmac

[Philippe REYNES]

Hi Tom,


Le 17/07/2024 à 19:58, Tom Rini a écrit :
> On Wed, Jul 17, 2024 at 07:08:27PM +0200, Philippe REYNES wrote:
>> Hi Peter,
>>
>> Le 16/07/2024 à 18:56, Peter Robinson a écrit :
>>> This Mail comes from Outside of SoftAtHome: Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.
>>>
>>> Hi Philippe,
>>>
>>> It might be useful to have a cover letter explaining what the plans
>>> for this code are, great that there are tests but adding code in
>>> without it being used isn't always a feature so a cover letter with
>>> some details often helps with the context.
>> You right, I should have added a cover letter.
>> My goal was to add key derivation and use this feature to fill a key
>> manager,
>> and then provide those  keys (or some of them) to the kernel. So the kernel
>> may (for example) add them in the KRS.
>>
>> Do you know if there are some work or interest in a key manager for u-boot
>> please ?
>>
>>> Also if you're not aware there's work to integrate MBedTLS [1] and I'm
>>> not sure if that also may provide the functionality.
>> Good point, I miss it. MBedTLS has the feature of key derivation.
>> https://mbed-tls.readthedocs.io/en/latest/getting_started/psa/#deriving-a-new-key-from-an-existing-key
>> So unless someone wants to use key derivation without all MBedTLS,
>> this serie is not very useful.
> Unless you object, I would really prefer to have this been a feature
> U-Boot only has with MBedTLS enabled as one of the goals with that
> integration is to have U-Boot leverage existing and well
> audited/monitored codebases for security sensitive code paths when
> possible.
>
I don't object, I also think that a feature should be only
implemented once.
I just have a question on this topic, I am planning to use
a key manager in u-boot. Do you think a key manager would
be nice in u-boot, and if someone has already planned to work
on this topic please ?

Regards,
Philippe