Date: Wed, 31 Mar 2021 20:36:07 +0200 (CEST)
From: Richard Weinberger
To: James Bottomley
Cc: Ahmad Fatoum, Jarkko Sakkinen, horia geanta, Mimi Zohar, aymen sghaier, Herbert Xu, davem, kernel, David Howells, James Morris, "Serge E. Hallyn", Steffen Trumtrar, Udit Agarwal, Jan Luebbe, david, Franck Lenormand, Sumit Garg, linux-integrity, "open list, ASYMMETRIC KEYS", Linux Crypto Mailing List, linux-kernel, LSM
Message-ID: <1777909690.136833.1617215767704.JavaMail.zimbra@nod.at>
Subject: Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
X-Mailing-List: linux-crypto@vger.kernel.org

James,

----- Original Message -----
> From: "James Bottomley"
>> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum wrote:
>> > keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
>>
>> Is there a reason why we can't pass the desired backend name in the
>> trusted key parameters?
>> e.g.
>> keyctl add trusted $KEYNAME "backendtype caam load $(cat ~/kmk.blob)"
>> @s
>
> Why would you want to in the load? The blob should be type specific,
> so a TPM key shouldn't load as a CAAM key and vice versa ... and if
> they're not they need to be made so before the patches go upstream.

I fear right now there is no good way to detect whether a blob is desired for CAAM or TPM.

> I could possibly see that you might want to be type specific in the
> create, but once you're simply loading an already created key, the
> trusted key subsystem should be able to figure what to do on its own.

So you have some kind of container format in mind which denotes the type of the blob?

Thanks,
//richard
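
Added example, not part of the original message or of the kernel patches under discussion: a sketch of what a type-denoting container could look like, so that a load can tell a CAAM blob from a TPM blob and refuse a mismatch. The header layout, the "TKB1" magic, and all `tk_*` names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical container, not a kernel format:
 *   [0..3] magic "TKB1"  [4] backend id  [5..6] payload length (big endian)
 *   [7..]  backend-specific sealed payload */
enum tk_backend { TK_TPM = 1, TK_CAAM = 2 };
enum tk_err { TK_OK = 0, TK_ESHORT = -1, TK_EMAGIC = -2, TK_EBACKEND = -3,
              TK_ELEN = -4, TK_EMISMATCH = -5 };
#define TK_HDR_LEN 7

/* Validate the header and return the backend tag plus the payload span. */
int tk_blob_parse(const uint8_t *blob, size_t len, enum tk_backend *backend,
                  const uint8_t **payload, size_t *payload_len)
{
    size_t plen;

    if (len < TK_HDR_LEN)
        return TK_ESHORT;
    if (memcmp(blob, "TKB1", 4) != 0)
        return TK_EMAGIC;          /* untagged or foreign blob */
    if (blob[4] != TK_TPM && blob[4] != TK_CAAM)
        return TK_EBACKEND;
    plen = ((size_t)blob[5] << 8) | blob[6];
    if (plen == 0 || plen != len - TK_HDR_LEN)
        return TK_ELEN;            /* truncated or trailing bytes */
    *backend = (enum tk_backend)blob[4];
    *payload = blob + TK_HDR_LEN;
    *payload_len = plen;
    return TK_OK;
}

/* Load path: route on the tag, refusing a blob sealed by another backend.
 * The tag is only a routing hint; the backend's own integrity check on the
 * payload stays the security boundary. */
int tk_blob_load(const uint8_t *blob, size_t len, enum tk_backend active)
{
    enum tk_backend tag;
    const uint8_t *payload;
    size_t plen;
    int ret = tk_blob_parse(blob, len, &tag, &payload, &plen);

    if (ret != TK_OK)
        return ret;
    return tag == active ? TK_OK /* unseal would run here */ : TK_EMISMATCH;
}

/* Constructed sample blobs; the payload bytes are placeholders. */
static const uint8_t sample_caam[] = { 'T','K','B','1', TK_CAAM, 0, 4, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t sample_raw[]  = { 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04 };
```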