Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp3919621pxv; Mon, 28 Jun 2021 16:40:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwkiKtkG5iOlPQq8+Tc91H4I6bGb5yvCQ5QrkZrQ0GKyWLEc/qniyDJ1LGRpyeh+tUW8ddV X-Received: by 2002:a92:c7a7:: with SMTP id f7mr19867307ilk.154.1624923638786; Mon, 28 Jun 2021 16:40:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624923638; cv=none; d=google.com; s=arc-20160816; b=J1f0EyOKCHsyuIX7WCfvalogSnaCbjPGcfiP6M7xptzLSZXTmY4oebb0Z6/CEquYig S+L369UiBDU07mWpgoWUeq71LTKvVW043BNNV/wzUmViPBY+bE1m0eZF39Z9ZMKDC3l0 /Lcz3V1D16OVwLtG0LUERkS2joXf61citSTJ3ylWZgHs5l8iIK3PkJH791bm1sLpdl5N 8FAcdu+eVcVleLegFEwApL9T4VUKcPWTwd+j4wiL/cdS/TETHlUsdBRuuO0PmP7y7FSr 5ACk25q8HSpbLML7N/6CDS1d6xW9iKMxtN4fJhI8IWFYCMf4AlFcXjY4Z+3cyt+FsP9/ QBfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=Z2eTGBF8cKmK4hfSJJaTRWNwJ/wQm5OHrYYniY5NRgQ=; b=vxL4Ol+aBK1hZJRgAVPvJbkcYbRG7cuVi8oAV4+6gv8vckzlmeQrawpG+FcHw29NwS sdPkFLtlFfaFNuLVbEVWDOoqRweKASo8zhVGoPCQJMZ3AxdzC8l54wYVru4qZEfEjlqE D5jB2pNIbtFOmdlabY7WR4Ybp2UBfQlE+Nw6VztWtafwWXOzajhBMqJCOav5iVMB/wP2 bWOFNiagUOjXBA5fJdY3qZ17hue8adTQ5feEFUsxO3G0eyvGG2mgYFlutS/kNsw0x2WO u2eQB+HAifNCLLg94zEdhqQP6pVsCHIs2PAAwhm+QEjsBzirD1C4pYvE6HGYBAc/GVq0 2MXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=PcxaghaL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i13si22313135ilm.45.2021.06.28.16.40.25; Mon, 28 Jun 2021 16:40:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=PcxaghaL; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234244AbhF1TOZ (ORCPT + 99 others); Mon, 28 Jun 2021 15:14:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233605AbhF1TOX (ORCPT ); Mon, 28 Jun 2021 15:14:23 -0400 Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2B631C061760 for ; Mon, 28 Jun 2021 12:11:57 -0700 (PDT) Received: by mail-lj1-x235.google.com with SMTP id k8so27262247lja.4 for ; Mon, 28 Jun 2021 12:11:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Z2eTGBF8cKmK4hfSJJaTRWNwJ/wQm5OHrYYniY5NRgQ=; b=PcxaghaLpMh+T26+vpvO+N/uXCxKEoqeVARQ7ZqZ5OhEITda3Zv1QXIrakDQ26Tbkq aU1zITj3NW/CPLK31OfGi4rtkLgsYRrW/0Tfoi+2Gf5BsHR9d7y0C1si/zKVAssOnH+t ZnS8HNKd9db3/SQvssXSJ660cuIhHSvMz/LBQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Z2eTGBF8cKmK4hfSJJaTRWNwJ/wQm5OHrYYniY5NRgQ=; b=Jljx1NNpvbk8upXjzUTNEvo1PeEUtxo2NQimGAyaUH5qoXHb0iDpC7vIObgvUv7tuu yUlTDRrIObhgDUSBBGesJcHIq3uHaVD6+kz06E9IoYPdoqXfH/MWcLwR2d19Fpw0IpGl VEXFz8QoA1Nt/CsfszdCFXCdk9Wsq+SXRCXtu2AdodC4/oReLQtOu5BVL1HbdpNWOgcB egsK3c7xD/i0iT6XH4JuOH9wnfjchcEy3aoYyr/n08CMJPpvs56koxgx8YlhnPSRGMaa LzYcyGgUrggaKajMsYEFVe/o/coOMdXrtnjVSozD6CK2EzspPw/CcNM+GkLvNu3pCyOD vwEQ== X-Gm-Message-State: AOAM532lw0hti0/ncS3MIAZeBH430cWCwc2HQviDxVHRfaZTBTvaRHK4 o1qKw9Jk+18CdbEYW69t9N3k+k/FTgK0Gy7G X-Received: by 2002:a2e:80ca:: with SMTP id r10mr683047ljg.485.1624907514964; Mon, 28 Jun 2021 12:11:54 -0700 (PDT) Received: from mail-lf1-f42.google.com (mail-lf1-f42.google.com. [209.85.167.42]) by smtp.gmail.com with ESMTPSA id p24sm1097828lfo.0.2021.06.28.12.11.54 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 28 Jun 2021 12:11:54 -0700 (PDT) Received: by mail-lf1-f42.google.com with SMTP id q18so181279lfc.7 for ; Mon, 28 Jun 2021 12:11:54 -0700 (PDT) X-Received: by 2002:ac2:4950:: with SMTP id o16mr12794197lfi.487.1624907513712; Mon, 28 Jun 2021 12:11:53 -0700 (PDT) MIME-Version: 1.0 References: <20210623135600.n343aglmvu272fsg@kernel.org> <8de9d45e-4389-8316-b0d0-e9a43be9fade@linux.ibm.com> In-Reply-To: <8de9d45e-4389-8316-b0d0-e9a43be9fade@linux.ibm.com> From: Linus Torvalds Date: Mon, 28 Jun 2021 12:11:37 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [GIT PULL] TPM DEVICE DRIVER changes for v5.14 To: Stefan Berger Cc: Jarkko Sakkinen , Linux Kernel Mailing List , linux-integrity , James Morris James Morris , David Howells , Peter Huewe Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 28, 2021 at 11:33 AM Stefan Berger wrote: > > The removal is triggered by the user changing the type of key from what > is in the keyfile. I understand. But if I earlier pointed the kernel config to one my RSA keys, and then I change some key type config option to something else, I sure as hell don't want to perhaps lose my key as a result. Yes, one common situation is that the key is some automatically generated one. That's what I use personally - I want a temporary key that is thrown away and never exists except for validating that "yup, I built these modules for this kernel". Removing that temporary key is fine. But if I pointed MODULE_SIG_KEY to something outside the kernel build, I sure as hell don't want the kernel build deleting it. Ever. In fact, it should never write to it. It should extract the key information from it, and nothing else. So no. No backups either. Because there is not a single valid situation where you'd want a backup - because the kernel build should never EVER modify the original. Maybe I misunderstand what is going on, but I think the whole thing is completely wrongly designed. The _only_ key that the kernel build should touchn is the auto-generated throw-away one (ie "certs/signing_key.pem"), not CONFIG_MODULE_SIG_KEY in general. Linus