Hello Richard,

On 31.03.21 20:35, Richard Weinberger wrote:

Ahmad,

On Tue, Mar 16, 2021 at 6:24 PM Ahmad Fatoum [off-list ref] wrote:

quoted

+#define KEYMOD "kernel:trusted"

why is the CAAM key modifier hard coded?
I'd love to have way to pass my own modifier.

That way existing blobs can also be used with this implementation.
IIRC the NXP vendor tree uses "SECURE_KEY" as default modifier.

Being binary compatible with other implementations is not an objective
for this patch set. If you need to migrate I'd suggest to get out a
clear text password and side-load it into the trusted key framework.

Jan and Mimi discussed this some weeks back:

https://lore.kernel.org/linux-integrity/e8f149cddce55a4e4615396108e4c900cbec75a8.camel@pengutronix.de/ (local)

There's no code to implement this yet though.

Cheers,
Ahmad

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |