Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp58274pxf; Wed, 31 Mar 2021 16:36:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxAAqPR2w4vr3L5R2EaJl0J8XHY7bim6+egEz0xpNCoHiIDP0flQ/XoprYqL2bSBgxokQwi X-Received: by 2002:a05:6402:1350:: with SMTP id y16mr6684927edw.309.1617233784641; Wed, 31 Mar 2021 16:36:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617233784; cv=none; d=google.com; s=arc-20160816; b=iFsZQO/E2nnuz1PXJIxNS1P0rI99NaeMstDeviSjzeqQ2ZgmKxBJ4NI7Vb8X9OFv0s aD62brWzk1dfAXDFXqlyGm5mKRaj2dXFhQ8gdl+GFHcwWETAk71f7tQLmC82iF1j7zBZ n63RNbX8Q/iyBX/Wmy/RvwU7S5kxE4WFpowl/guRh07Ri81tlUuvz5110z2AfLN3CDkS gM7y/6s1HmqhaiK192aRvBDUVYGe+iokacMeYXPMRPaidrcUmv75n2pdlsNyu8k7cPW+ /D0TQ/gO4LukXOqXEbapt7/fG97xLoEZ079suSu88x2YtDp9arCITfywz3IvouXh2GKE Zujg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=IJFL1aTJ9AZezw9VQXQhxvR3obRGRFX+5NCeXlKbTVA=; b=VnlN/BIj6MqJj/UcuUjU2SUAWBEzA0Yal9FgeuD0bobRWzM42EqrqZUTcBDOn7UbwM 3tmvsHwfSsdqYBwSjgZwCMd/uL+WMOOsFMvwlS7MwSVP9qXm5frpkzWfk7TL9C775/UG zu/L69MjgN0NoUniHxsm+VvcN5yWq6y2pw/WrsAY7txNxA/+k0QTnNHw1qjzVdjOOIcL PTR4+euhuZVxuLeAt06DENztCYpMExhpdjcvfMvyHKZaoxr6PBMZxBu2gQMlP3QO3oFC w6qcf0qnENE9aYR0S13OuO6VE13xOTNARCIH15n/30t0vARCZFBzpS2O57Ya7OyY6kRC NEXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lS+AwwMV; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a11si2860237edr.205.2021.03.31.16.36.00; Wed, 31 Mar 2021 16:36:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=lS+AwwMV; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232579AbhCaXep (ORCPT + 99 others); Wed, 31 Mar 2021 19:34:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:34808 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229515AbhCaXec (ORCPT ); Wed, 31 Mar 2021 19:34:32 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 29A7C60724; Wed, 31 Mar 2021 23:34:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1617233671; bh=VHAWYRxy4bXutKQaag3jfIG0mzVbXNUJpeALfhV5//A=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=lS+AwwMVCTIo09zlTKi4crYXm1RZfX3vKkF85+eCjryasiCbM1xrvOtDv+/mxAKZg 4Ri8i+9lw2Fn3FRPM0x9Sf66YU7FqFO5U8fv30kRzJkWUfiOCPMFkV1Yg8bA0opOhZ Q5yAi3Cr1SogpVAe6mlqngN4ZUpiI0n8fupFhxJMHf7p9QyrR0cCuzkubdw0tQwsfF Bf6tbldLGu/mKxRzmNJd/09arSK6lVgEzksGj+ORJXiTXj34GxRDgPQEcHNF6uSc/c pMZSpd/2hZtjMog6+w33jGso1J6W7rqp/AvMRU8Szfb0K//JHWDVBh66LD2Ip7Cr19 Fe7xvtDDgbqVw== Date: Wed, 31 Mar 2021 16:34:29 -0700 From: Eric Biggers To: Jarkko Sakkinen Cc: David Gstir , Sumit Garg , Ahmad Fatoum , Mimi Zohar , Horia =?utf-8?Q?Geant=C4=83?= , Jonathan Corbet , David Howells , James Bottomley , "kernel@pengutronix.de" , James Morris , "Serge E. Hallyn" , Aymen Sghaier , Herbert Xu , "David S. Miller" , Udit Agarwal , Jan Luebbe , Franck Lenormand , "keyrings@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Message-ID: References: <45a9e159-2dcb-85bf-02bd-2993d50b5748@pengutronix.de> <63dd7d4b-4729-9e03-cd8f-956b94eab0d9@pengutronix.de> <557b92d2-f3b8-d136-7431-419429f0e059@pengutronix.de> <6F812C20-7585-4718-997E-0306C4118468@sigma-star.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote: > > It's a bummer but uapi is the god in the end. Since TPM does not do it > today, that behaviour must be supported forever. That's why a boot option > AND a warning would be the best compromise. > It's not UAPI if there is no way for userspace to tell if it changed. - Eric