Commit Graph

3 Commits

Author SHA1 Message Date
Marek Behún 50524d787d firmware: turris-mox-rwtm: support ECDSA signatures via debugfs
The firmware on Turris MOX secure processor offers signing messages
with ECDSA private key stored in protected OTP memory.

The optimal solution would be to register an akcipher provider via
kernel's crypto API, but crypto API does not yet support accessing
akcipher API from userspace (and probably won't for some time, see
https://www.spinics.net/lists/linux-crypto/msg38388.html).

At first I tried to put this via standard sysfs API, but the way I
designed it is not compatible with sysfs's standard "one file per
attribute".

This patch therefore adds support for accessing this signature
generation mechanism via debugfs. Since CZ.NIC's Turris MOX is the only
user of this module, the potential future change to akcipher API should
not cause problems, since we can just change our userspace software then.

Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
2020-07-18 22:35:01 +02:00
Dan Carpenter e8acad4d83 firmware: turris-mox-rwtm: small white space cleanup
This patch deletes a stray tab.

Cc: Gregory CLEMENT <gregory.clement@bootlin.com>
Cc: Colin King <colin.king@canonical.com>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
2020-01-08 10:35:23 +01:00
Marek Behún 389711b374 firmware: Add Turris Mox rWTM firmware driver
This adds a driver to communicate with the firmware running on the
secure processor of the Turris Mox router, enabling the kernel to
retrieve true random numbers from the Entropy Bit Generator and to read
some information burned into eFuses when device was manufactured:

and to
sign messages with the ECDSA private key burned into each Turris Mox
device when manufacturing.

This also adds support to read other information burned into eFuses:
 - serial number
 - board version
 - MAC addresses
 - RAM size
 - ECDSA public key (this is not read directly from eFuses, rather it
   is computed by the firmware as pair to the burned private key)

The source code of the firmware is open source and can be found at
https://gitlab.labs.nic.cz/turris/mox-boot-builder/tree/master/wtmi

The firmware is also able to, on demand, sign messages with the burned
ECDSA private key, but since Linux's akcipher API is not yet stable
(and therefore not exposed to userspace via netlink), this functionality
is not supported yet.

Link: https://lore.kernel.org/r/20190822014318.19478-3-marek.behun@nic.cz
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-09-04 17:32:13 +02:00