From: Sumit Garg
Date: Wed, 10 Mar 2021 10:24:33 +0530
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
To: David Howells
Cc: Linus Walleij, Arnd Bergmann, "open list:ASYMMETRIC KEYS",
    Jarkko Sakkinen, Joakim Bech, Alex Bennée,
    "linux-kernel@vger.kernel.org", Maxim Uvarov, Ilias Apalodimas,
    Ruchika Gupta, "Winkler, Tomas", yang.huang@intel.com,
    bing.zhu@intel.com, Matti.Moell@opensynergy.com, hmo@opensynergy.com,
    linux-mmc, linux-scsi, linux-nvme@vger.kernel.org, Ulf Hansson,
    Arnd Bergmann, Hector Martin
X-Mailing-List: linux-kernel@vger.kernel.org

Hi David,

On Tue, 9 Mar 2021 at 22:43, David Howells wrote:
>
> Linus Walleij wrote:
>
> > As it seems neither Microsoft nor Apple is paying it much attention
> > (+/- new facts) it will be up to the community to define use cases
> > for RPMB. I don't know what would make most sense, but the
> > kernel keyring seems to make a bit of sense as it is a well maintained
> > keyring project.
>
> I'm afraid I don't know a whole lot about the RPMB. I've just been and read
> https://lwn.net/Articles/682276/ about it.
>
> What is it you envision the keyring API doing with regard to this? Being used
> to represent the key needed to access the RPMB or being used to represent an
> RPMB entry (does it have entries?)?
>

I think it's the former one to represent the RPMB key and it looks
like the trusted and encrypted keys subsystem should be useful here to
prevent any user-space exposures of the RPMB key.

-Sumit

> David
>