Thread (71 messages) 71 messages, 13 authors, 2021-04-02

Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

From: Sumit Garg <hidden>
Date: 2021-04-01 17:52:46
Also in: keyrings, linux-crypto, linux-integrity, lkml 

Hi Richard,

On Wed, 31 Mar 2021 at 03:34, Richard Weinberger
[off-list ref] wrote:
Ahmad,

On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum [off-list ref] wrote:
quoted
    keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
Is there a reason why we can't pass the desired backend name in the
trusted key parameters?
e.g.
keyctl add trusted $KEYNAME "backendtype caam load $(cat ~/kmk.blob)" @s
IIUC, this would require support for multiple trusted keys backends at
runtime but currently the trusted keys subsystem only supports a
single backend which is selected via kernel module parameter during
boot.

So the trusted keys framework needs to evolve to support multiple
trust sources at runtime but I would like to understand the use-cases
first. IMO, selecting the best trust source available on a platform
for trusted keys should be a one time operation, so why do we need to
have other backends available at runtime as well?

-Sumit

--
Thanks,
//richard
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help