CBE key encryption

Stefan Thöni stefan.thoeni at gapfruit.com
Tue Nov 23 11:21:19 CET 2021


Hello Genodians,

we are still working to add hardware-based encryption to CBE. To this
end, we have implemented a custom trust anchor and crypto engine.
Generating a key, encrypting this key on behalf of cbe_init and
decrypting it again on behalf of the vfs_cbe plugin works fine.

But then the vfs_cbe requests to have an all-zero key encrypted, which,
due to the ICV added by hardware black key handling, fails. We cannot seem
to find out where the request originates or why vfs_cbe would ever encrypt
any key, let alone a key of all zeros.

Any pointer or idea would be very welcome.

Kind regards
Stefan