Thread: 10 messages, 5 authors, 2020-01-18

RE: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt

From: Franck Lenormand <hidden>
Date: 2019-03-07 13:18:37
Also in: dm-devel, keyrings, lkml

-----Original Message-----
From: David Howells <dhowells@redhat.com>
Sent: Wednesday, March 6, 2019 6:30 PM
To: Franck Lenormand <redacted>
Cc: dhowells@redhat.com; linux-kernel@vger.kernel.org;
linux-security-module@vger.kernel.org; keyrings@vger.kernel.org; Horia Geanta
[off-list ref]; Silvano Di Ninno [off-list ref];
agk@redhat.com; snitzer@redhat.com; dm-devel@redhat.com;
jmorris@namei.org; serge@hallyn.com
Subject: Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in
dmcrypt

Franck LENORMAND [off-list ref] wrote:
> The capacity to generate or load keys already available in the Linux
> key retention service does not allow exploiting CAAM capabilities,
> hence we need to create a new key_type. The new key type "caam_tk"
> allows one to:
>
>  - Create a black key from random
>  - Create a black key from a red key
>  - Load a black blob to retrieve the black key

Is it possible that this could be done through an existing key type, such as the
asymmetric, trusted or encrypted key types?

David

Hello David,

I didn't know about the asymmetric key type, so I looked it up. From my
observation, it would not be possible to use it for the caam_tk, as
we must perform operations on the data provided.
The name "asymmetric" is also misleading for the use we would have.

The trusted and encrypted key types do not provide the necessary
callbacks to do what we would need, or would require huge modifications.

I would like this series to focus on the change related to
dm-crypt. In effect, it is currently not possible to pass a key
from the asymmetric key type to it.

Franck