diff options
| author | Marek BehĂșn <kabel@kernel.org> | 2025-02-04 14:14:13 +0100 |
|---|---|---|
| committer | Arnd Bergmann <arnd@arndb.de> | 2025-03-20 17:56:57 +0100 |
| commit | df94a2f1eb455b57dd01f9b64419e3163d44df7f (patch) | |
| tree | 605ace54565b1632a79b19fafd4a500c96301b1e /scripts/lib/kdoc/kdoc_output.py | |
| parent | 0b28b7080ef5a323c3afa3860c3d45d627629830 (diff) | |
platform: cznic: turris-omnia-mcu: Add support for digital message signing with HW private key
Add support for digital message signing with the private key stored in
the MCU. Turris Omnia boards with MKL MCUs have a NIST256p ECDSA private
key generated and burned into MCU's flash when manufactured. The private
key is not readable from the MCU, but MCU allows for signing messages
with it and retrieving the public key.
This is exposed to userspace via the keyctl API.
In userspace, the user can look at /proc/keys or list the keyring:
$ cat /proc/keys
0a3b7cd3 ... keyring .turris-signing-keys: 1
3caf0b1a ... turris-om Turris Omnia SN 0000000A1000023 MCU ECDSA k...
$ keyctl rlist %:.turris-signing-keys
1018104602
To get the public key:
$ keyctl read 1018104602
33 bytes of data in key:
025d9108 1fb538ae 8435c88b b4379171 d6b158a9 55751b91 1d23e6a9 d017f4b2
1c
To sign a message:
$ dd if=/dev/urandom of=msg_to_sign bs=32 count=1
$ keyctl pkey_sign 1018104602 0 msg_to_sign >signature
Signed-off-by: Marek BehĂșn <kabel@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Diffstat (limited to 'scripts/lib/kdoc/kdoc_output.py')
0 files changed, 0 insertions, 0 deletions