CBE key encryption

23 Nov 2021


      Hello Genodians,
we are still working to add hardware-based encryption to CBE. To this
end, we have implemented a custom trust anchor and crypto engine.
Generating a key, encrypting this key on behalf of cbe_init and
decrypting it again on behalf of the vfs_cbe plugin works fine.
But then the vfs_cbe requests to have a all zero key encrypted which due
to the ICV added by hardware black key handling fails. We cannot seam to
find out where the request originates or why vfs_cbe would ever encrypt
any key, let alone a key of all zeros.
Any pointer or idea would by very welcome.
Kind regards
Stefan

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

CBE key encryption