From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB88BC4361B for ; Thu, 1 Apr 2021 10:28:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B5CFB61103 for ; Thu, 1 Apr 2021 10:28:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234361AbhDAK2M convert rfc822-to-8bit (ORCPT ); Thu, 1 Apr 2021 06:28:12 -0400 Received: from lithops.sigma-star.at ([195.201.40.130]:60260 "EHLO lithops.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234170AbhDAK1z (ORCPT ); Thu, 1 Apr 2021 06:27:55 -0400 Received: from localhost (localhost [127.0.0.1]) by lithops.sigma-star.at (Postfix) with ESMTP id 6CAB4606BA27; Thu, 1 Apr 2021 12:23:58 +0200 (CEST) Received: from lithops.sigma-star.at ([127.0.0.1]) by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id XWsDeVM0dlYR; Thu, 1 Apr 2021 12:23:58 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by lithops.sigma-star.at (Postfix) with ESMTP id E6125606BA2C; Thu, 1 Apr 2021 12:23:57 +0200 (CEST) Received: from lithops.sigma-star.at ([127.0.0.1]) by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id AXT7SBVIcz0n; Thu, 1 Apr 2021 12:23:57 +0200 (CEST) Received: from lithops.sigma-star.at (lithops.sigma-star.at [195.201.40.130]) by lithops.sigma-star.at (Postfix) with ESMTP id AF33B606BA27; Thu, 1 Apr 2021 12:23:57 +0200 (CEST) Date: Thu, 1 Apr 2021 12:23:57 +0200 (CEST) From: Richard Weinberger To: Ahmad Fatoum Cc: Jonathan Corbet , David Howells , Jarkko Sakkinen , James Bottomley , Mimi Zohar , kernel , James Morris , "Serge E. Hallyn" , horia geanta , aymen sghaier , Herbert Xu , davem , Udit Agarwal , Jan Luebbe , david , Franck Lenormand , Sumit Garg , "open list, ASYMMETRIC KEYS" , Linux Crypto Mailing List , Linux Doc Mailing List , linux-integrity , linux-kernel , LSM Message-ID: <628222835.139597.1617272637645.JavaMail.zimbra@nod.at> In-Reply-To: References: <319e558e1bd19b80ad6447c167a2c3942bdafea2.1615914058.git-series.a.fatoum@pengutronix.de> Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT X-Originating-IP: [195.201.40.130] X-Mailer: Zimbra 8.8.12_GA_3807 (ZimbraWebClient - FF78 (Linux)/8.8.12_GA_3809) Thread-Topic: KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Thread-Index: bRpCX2JQ5lnT2KZCBTYRFn2CLxkWdw== Precedence: bulk List-ID: Ahmad, ----- Ursprüngliche Mail ----- > Von: "Ahmad Fatoum" >> That way existing blobs can also be used with this implementation. >> IIRC the NXP vendor tree uses "SECURE_KEY" as default modifier. > > Being binary compatible with other implementations is not an objective > for this patch set. If you need to migrate I'd suggest to get out a > clear text password and side-load it into the trusted key framework. Compatibility is only one argument, IMHO the much stronger argument is that there are people out there that want to salt the CAAM blob with a key modifier of their own choice. Thanks, //richard