From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Richard Weinberger <richard@nod.at>
Cc: Jonathan Corbet <corbet@lwn.net>,
David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
James Bottomley <jejb@linux.ibm.com>,
Mimi Zohar <zohar@linux.ibm.com>, kernel <kernel@pengutronix.de>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
horia geanta <horia.geanta@nxp.com>,
aymen sghaier <aymen.sghaier@nxp.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
davem <davem@davemloft.net>, Udit Agarwal <udit.agarwal@nxp.com>,
Eric Biggers <ebiggers@kernel.org>,
Jan Luebbe <j.luebbe@pengutronix.de>, david <david@sigma-star.at>,
Franck Lenormand <franck.lenormand@nxp.com>,
Sumit Garg <sumit.garg@linaro.org>,
"open list, ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
Linux Doc Mailing List <linux-doc@vger.kernel.org>,
linux-integrity <linux-integrity@vger.kernel.org>,
linux-kernel <linux-kernel@vger.kernel.org>,
LSM <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v2 6/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Date: Fri, 2 Jul 2021 10:00:05 +0200 [thread overview]
Message-ID: <2f608e5a-5a12-6db1-b9bd-a2cd9e3e3671@pengutronix.de> (raw)
In-Reply-To: <1850833581.13438.1625172175436.JavaMail.zimbra@nod.at>
Hello Richard,
On 01.07.21 22:42, Richard Weinberger wrote:
> Ahmad,
>
> ----- Ursprüngliche Mail -----
>> Von: "Ahmad Fatoum" <a.fatoum@pengutronix.de>
>> +static struct caam_blob_priv *blobifier;
>> +
>> +#define KEYMOD "kernel:trusted"
>
> I'm still think that hard coding the key modifier is not wise.
> As I said[0], there are folks out there that want to provide their own modifier,
> so it is not only about being binary compatible with other CAAM blob patches in the wild.
I don't think the characterization as a salt is accurate. AFAIU it's more
of a namespace, so blobs being loaded are "type-checked" against the modifier.
> I'll happily implement that feature after your patches got merged but IMHO we should first agree on an interface.
> How about allowing another optional parameter to Opt_new and Opt_load
Sound good to me. pcrlock for TPM trusted keys has the same interface.
I'd prefer the new option to accept strings, not hex though.
> and having a key modifier per struct trusted_key_payload instance?
Ye, possibly a void *backend_data, which other trust sources could leverage
as well. But that should be separate discussion.
Cheers,
Ahmad
>
> Thanks,
> //richard
>
> [0]
> https://patchwork.kernel.org/project/linux-crypto/patch/319e558e1bd19b80ad6447c167a2c3942bdafea2.1615914058.git-series.a.fatoum@pengutronix.de/#24085397
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2021-07-02 8:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-22 12:37 [PATCH v2 0/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 1/6] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2021-07-19 8:04 ` Sumit Garg
2021-07-19 9:09 ` Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 3/6] KEYS: trusted: allow users to use kernel RNG for key material Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 4/6] KEYS: trusted: allow trust sources " Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 5/6] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2021-07-02 8:03 ` Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 6/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2021-07-01 20:42 ` Richard Weinberger
2021-07-02 8:00 ` Ahmad Fatoum [this message]
2021-07-02 10:53 ` Richard Weinberger
2021-07-02 12:33 ` Ahmad Fatoum
2021-07-20 19:19 ` Richard Weinberger
2021-07-20 20:24 ` Mimi Zohar
2021-07-20 20:37 ` Richard Weinberger
2021-07-21 17:02 ` Ahmad Fatoum
2021-07-14 6:36 ` [PATCH v2 0/6] " Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2f608e5a-5a12-6db1-b9bd-a2cd9e3e3671@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=aymen.sghaier@nxp.com \
--cc=corbet@lwn.net \
--cc=davem@davemloft.net \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=franck.lenormand@nxp.com \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=sumit.garg@linaro.org \
--cc=udit.agarwal@nxp.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.