Date: Wed, 31 Mar 2021 20:36:07 +0200 (CEST)
From: Richard Weinberger
To: James Bottomley
Cc: Ahmad Fatoum, Jarkko Sakkinen, horia geanta, Mimi Zohar, aymen sghaier, Herbert Xu, davem, kernel, David Howells, James Morris, "Serge E. Hallyn", Steffen Trumtrar, Udit Agarwal, Jan Luebbe, david, Franck Lenormand, Sumit Garg, linux-integrity, "open list, ASYMMETRIC KEYS", Linux Crypto Mailing List, linux-kernel, LSM
Message-ID: <1777909690.136833.1617215767704.JavaMail.zimbra@nod.at>
Subject: Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

James,

----- Original Message -----
> From: "James Bottomley"
>> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum wrote:
>> > keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
>>
>> Is there a reason why we can't pass the desired backend name in the
>> trusted key parameters?
>> e.g.
>> keyctl add trusted $KEYNAME "backendtype caam load $(cat ~/kmk.blob)" @s
>
> Why would you want to in the load? The blob should be type specific,
> so a TPM key shouldn't load as a CAAM key and vice versa ... and if
> they're not they need to be made so before the patches go upstream.

I fear right now there is no good way to detect whether a blob is desired for
CAAM or TPM.

> I could possibly see that you might want to be type specific in the
> create, but once you're simply loading an already created key, the
> trusted key subsystem should be able to figure what to do on its own.

So you have some kind of container format in mind which denotes the type of the blob?

Thanks,
//richard