Thread: 24 messages, 6 authors, 2019-08-05

Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated

From: Mimi Zohar <zohar@kernel.org>
Date: 2019-08-04 01:46:07
Also in: keyrings, linux-integrity, lkml

On Sat, 2019-08-03 at 17:44 +0300, Jarkko Sakkinen wrote:
> On Fri, 2019-08-02 at 15:23 -0500, Tyler Hicks wrote:
> > That wasn't the conclusion that I came to. I prefer Robert's proposed
> > change to trusted.ko.
> >
> > How do you propose that this be fixed in eCryptfs?
> >
> > Removing encrypted_key support from eCryptfs is the only way that I can
> > see to fix the bug in eCryptfs. That support has been there since 2011.
> > I'm not sure of the number of users that would be broken by removing
> > encrypted_key support. I don't think the number is high but I can't say
> > that confidently.
>
> Looking at the documentation [1] it is stated that
>
> "Encrypted keys do not depend on a TPM, and are faster, as they use AES
> for encryption/decryption."
>
> Why would you need to remove support for encrypted keys? Isn't it a
> regression in encrypted keys to hard depend on trusted keys given
> what the documentation says?

"Encrypted" keys are symmetric keys, which are encrypted/decrypted
either by a "trusted" key or, for development purposes only, a "user"
key.

Mimi