Thread (71 messages) 71 messages, 13 authors, 2021-04-02

Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

From: Ahmad Fatoum <a.fatoum@pengutronix.de>
Date: 2021-04-01 10:29:10
Also in: keyrings, linux-integrity, linux-security-module, lkml 

Hello,

On 01.04.21 12:20, Richard Weinberger wrote:
Ahmad,

----- Ursprüngliche Mail -----
quoted
Von: "Ahmad Fatoum" [off-list ref]
quoted
I'm pretty sure with minimal changes it will work with your recent approach too.
I am using dmsetup directly in my project. I am not familiar with cryptsetup
plain. What benefits do you see with this over direct dmsetup?
cryptsetup is the de-facto standard to setup encrypted block devices.
There is a lot of existing tooling around cryptsetup already (systemd, etc..),
Do you mean systemd-cryptsetup? It looks to me like it's just a way to supply
the keyphrase. With trusted keys and a keyphrase unknown to userspace, this
won't work.

so being able to use CAAM keys for dm-crypt with cryptsetup seems natural to me.
Plain mode allows setting up dm-crypt without LUKS.
I don't (yet) see the utility of it without LUKS. Perhaps a command dump on how
to do the same I did with dmsetup, but with cryptsetup plain instead could
help me to see the benefits?

Cheers,
Ahmad

Thanks,
//richard
-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help