Re: [PATCH] crypto: caam - remove HMAC key hex dumps from hash_digest_key
From: Herbert Xu
Date: Wed Mar 18 2026 - 03:48:01 EST

On Tue, Mar 17, 2026 at 12:20:30PM +0100, Thorsten Blum wrote:
>
> This is not specifically about caam, but (debug) logging of potentially
> sensitive key material should generally be avoided, imho. Some other
> recent examples:
>
> https://lore.kernel.org/lkml/20260227230008.858641-2-thorsten.blum@xxxxxxxxx/
> https://lore.kernel.org/lkml/20260303132552.65235-2-thorsten.blum@xxxxxxxxx/
> https://lore.kernel.org/lkml/20260303190350.78705-2-thorsten.blum@xxxxxxxxx/
>
> > Is there a scenario where production systems will run with debugging
> > enabled in caam?
>
> I don't know - possibly.

I think a better solution is to turn these sensitive printk's to
pr_devel. That way you can still get them by recompiling the kernel
but they won't be enabled in any distro kernels.

What do you think?

Thanks,
--
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
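
The difference the reply relies on, as an added userspace model that is not part of the thread or the caam driver: a pr_debug call site built with CONFIG_DYNAMIC_DEBUG stays in the binary and can be switched on at runtime, while pr_devel only prints when DEBUG is defined at build time. The names `model_printk`, `model_pr_debug`, `model_pr_devel`, `dyndbg_on`, `key_leaks` and the 4-byte key are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char log_buf[128];	/* stands in for the kernel log */
static int dyndbg_on;		/* models a dynamic-debug site enabled at runtime */

static void model_printk(const char *fmt, ...)
{
	size_t used = strlen(log_buf);
	va_list ap;
	va_start(ap, fmt);
	vsnprintf(log_buf + used, sizeof(log_buf) - used, fmt, ap);
	va_end(ap);
}

/* pr_debug under CONFIG_DYNAMIC_DEBUG: call site is built in, gated at runtime */
#define model_pr_debug(...) do { if (dyndbg_on) model_printk(__VA_ARGS__); } while (0)
/* pr_devel: a real print only when DEBUG is defined at build time */
#ifdef DEBUG
#define DEVEL_BUILD 1
#define model_pr_devel(...) model_printk(__VA_ARGS__)
#else
#define DEVEL_BUILD 0
#define model_pr_devel(...) do { if (0) model_printk(__VA_ARGS__); } while (0)
#endif

static const unsigned char demo_key[] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
/* Dump the key through one macro; return 1 if its hex reached the log. */
static int key_leaks(int use_devel, int runtime_on)
{
	size_t i;
	log_buf[0] = '\0';
	dyndbg_on = runtime_on;
	for (i = 0; i < sizeof(demo_key); i++) {
		if (use_devel)
			model_pr_devel("%02x", demo_key[i]);
		else
			model_pr_debug("%02x", demo_key[i]);
	}
	return strstr(log_buf, "deadbeef") != NULL;
}

int main(void)
{
	printf("pr_debug on=%d pr_devel on=%d\n", key_leaks(0, 1), key_leaks(1, 1));
	return 0;
}
```

Building with `-DDEBUG` models the recompiled development kernel, where the pr_devel path prints as well.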