Hi,
We are setting up dm-crypt on imx93 and have been having stability issues with the cbc-aes-tee driver, which we still hope NXP are looking at.
When looking at the keytypes and encryption algorithms, I tried understanding the different options. As I understand it:
1. Using user key and cbc-aes-ce. Key is completely unprotected and available in plain text in user space. Encryption is handled in kernel. Not a viable option.
2. Using TEE-backed trusted key and cbc-aes-ce. Key is protected and only available encrypted in user space. Key is unsealed in kernel by calling OP-TEE. Encryption is handled in kernel. Key is open to DRAM bus sniffing and kernel attacks.
3. Using user key and cbc-aes-tee. Key in keyring is completely unprotected and available in plain text in user space. However, this key is only used as a salt for the actual key derived in OP-TEE so it does not matter(?). Derived key is only ever stored in OCRAM. Encryption is handled in OP-TEE.
4. Using TEE-backed trusted key and cbc-aes-tee. Key is protected and only available encrypted in user space. Key is unsealed in kernel by calling OP-TEE. However, this key is still only used as a salt for the actual key derived in OP-TEE so now it is unnecessarily protected in keyring as well(?). Derived key is only ever stored in OCRAM. Encryption is handled in OP-TEE.
In Rev. LF6.12.3_1.0.0 of Linux User Guide a user key is used, and in Rev. LF6.12.20_2.0.0 a trusted key is used (chapter 10.5.5), that's why I started thing about the difference. Is my understanding of the options listed above correct?
Thinking about the security implications of option 2 versus 3 or 4 is seems the main difference is that the key might be open to DRAM sniffing attacks or kernel attacks? The on-disk storage of the key is still encrypted and secure?
