linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Franck Lenormand <franck.lenormand@nxp.com>
To: David Howells <dhowells@redhat.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	Horia Geanta <horia.geanta@nxp.com>,
	Silvano Di Ninno <silvano.dininno@nxp.com>,
	"agk@redhat.com" <agk@redhat.com>,
	"snitzer@redhat.com" <snitzer@redhat.com>,
	"dm-devel@redhat.com" <dm-devel@redhat.com>,
	"jmorris@namei.org" <jmorris@namei.org>,
	"serge@hallyn.com" <serge@hallyn.com>
Subject: RE: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
Date: Thu, 7 Mar 2019 13:17:48 +0000	[thread overview]
Message-ID: <AM6PR04MB54473C2D30DDD7CDC8522DF9924C0@AM6PR04MB5447.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <11177.1551893395@warthog.procyon.org.uk>

> -----Original Message-----
> From: David Howells <dhowells@redhat.com>
> Sent: Wednesday, March 6, 2019 6:30 PM
> To: Franck Lenormand <franck.lenormand@nxp.com>
> Cc: dhowells@redhat.com; linux-kernel@vger.kernel.org; linux-security-
> module@vger.kernel.org; keyrings@vger.kernel.org; Horia Geanta
> <horia.geanta@nxp.com>; Silvano Di Ninno <silvano.dininno@nxp.com>;
> agk@redhat.com; snitzer@redhat.com; dm-devel@redhat.com;
> jmorris@namei.org; serge@hallyn.com
> Subject: Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in
> dmcrypt
> 
> Franck LENORMAND <franck.lenormand@nxp.com> wrote:
> 
> > The capacity to generate or load keys already available in the Linux
> > key retention service does not allows to exploit CAAM capabilities
> > hence we need to create a new key_type. The new key type "caam_tk"
> allows to:
> >  - Create a black key from random
> >  - Create a black key from a red key
> >  - Load a black blob to retrieve the black key
> 
> Is it possible that this could be done through an existing key type, such as the
> asymmetric, trusted or encrypted key typed?
> 
> David

Hello David,

I didn't know about asymmetric key type so I looked it up, from my
observation, it would not be possible to use it for the caam_tk as
we must perform operations on the data provided.
The name " asymmetric " is also misleading for the use we would have.

The trusted and encrypted does not provides the necessary
callbacks to do what we would need or require huge modifications.

I would like, for this series to focus on the change related to
dm-crypt. In effect, it is currently not possible to pass a key
from the asymmetric key type to it.

Franck

  reply	other threads:[~2019-03-07 13:18 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-01 16:09 [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt Franck LENORMAND
2019-03-01 16:09 ` [RFC PATCH 1/2] drivers: crypto: caam: key: Add caam_tk key type Franck LENORMAND
2019-03-01 16:09 ` [RFC PATCH 2/2] dm-crypt: Use any key type which is registered Franck LENORMAND
2020-01-18 17:55   ` James Bottomley
2019-03-06 16:47 ` [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt Jan Lübbe
2019-03-07 13:02   ` Franck Lenormand
2019-03-06 17:29 ` David Howells
2019-03-07 13:17   ` Franck Lenormand [this message]
2020-01-18 17:51     ` James Bottomley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=AM6PR04MB54473C2D30DDD7CDC8522DF9924C0@AM6PR04MB5447.eurprd04.prod.outlook.com \
    --to=franck.lenormand@nxp.com \
    --cc=agk@redhat.com \
    --cc=dhowells@redhat.com \
    --cc=dm-devel@redhat.com \
    --cc=horia.geanta@nxp.com \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=silvano.dininno@nxp.com \
    --cc=snitzer@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).