Re: [PATCH 0/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
Date: 2021-08-09 10:17:09
Also in:
keyrings, linux-crypto, linux-integrity, lkml
On 09.08.21 11:35, Jarkko Sakkinen wrote:
On Fri, Aug 06, 2021 at 05:12:19PM +0200, Ahmad Fatoum wrote:quoted
Dear trusted key maintainers, On 21.07.21 18:48, Ahmad Fatoum wrote:quoted
Series applies on top of https://lore.kernel.org/linux-integrity/20210721160258.7024-1-a.fatoum@pengutronix.de/T/#u (local) v2 -> v3: - Split off first Kconfig preparation patch. It fixes a regression, so sent that out, so it can be applied separately (Sumit) - Split off second key import patch. I'll send that out separately as it's a development aid and not required within the CAAM series - add MAINTAINERS entryGentle ping. I'd appreciate feedback on this series.Simple question: what is fscrypt?
For supported file systems, fscrypt[1] allows you to encrypt at a directory level. It has no trusted key integration yet, which is something I am trying to upstream in parallel to this series, so I eventually can use fscrypt together with CAAM-backed trusted keys on an unpatched kernel. If it interests you, I described[2] my CAAM+ubifs+fscrypt use case in the discussion thread on my fscrypt-trusted-keys v1. Jan, a colleague of mine, held a talk[3] on the different solutions for authenticated and encrypted storage, which you may want to check out. I'd really appreciate feedback here on the the CAAM parts of this series, so this can eventually go mainline. Thanks, Ahmad [1]: https://www.kernel.org/doc/html/v5.13/filesystems/fscrypt.html [2]: https://lore.kernel.org/linux-fscrypt/367ea5bb-76cf-6020-cb99-91b5ca82d679@pengutronix.de/ (local) [3]: https://www.youtube.com/watch?v=z_y84v9076c
/Jarkko
-- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |