Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp108168pxf;
        Wed, 31 Mar 2021 18:18:43 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw3qLXJm5817EKhkO537AcZmbBAgVE1KIxdVZiu8K03epQne44riqNBPGCd6G9HDCoXqckA
X-Received: by 2002:a17:907:720a:: with SMTP id dr10mr6511418ejc.375.1617239923244;
        Wed, 31 Mar 2021 18:18:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617239923; cv=none;
        d=google.com; s=arc-20160816;
        b=QvYbrJTXkUvpOKRl1xNsc25TKrb3SQj9AQPEvJro6QBJ5s7+I87Ed1w8MB9FovVlBs
         rH+CBozdzcunYTwdAz3V7OMWdzXXI7dJ0BpLfBXTB4R8cL0Nc++woUiNms1pEU/syGxd
         wLKmIsKJ20SncGpZw6LLc/Fx45GTW/Ye4auXPDDPuEzH7EUC5N4Dy5LW/n7GSBf1Wtad
         B7/VP/BGA5BEt0bwcoBfJtTgUTTwqiwhJX6UkOahzNyolMJOblvetJsDA7XUI0Oh9rWu
         cB8sc2z5V1LGX0dtab9z5PHNMG0cmWG/0skQ7LYqNyc0Sbk1ZAIi94crle4sqzwM36It
         x1eQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:user-agent:in-reply-to:content-disposition
         :mime-version:references:message-id:subject:cc:to:from:date;
        bh=NLg2YXh8+pAyJkkSNu90XzFEabZ8CDEOavZ+gmBn+lg=;
        b=aIKm+bvpBIp1ktCLSfWxix9VHR3HGOj4fTkdVZ/wnTtmbE86fR5Mr196bJ6kUskUkP
         8XlpQhoEpi833PVi2JjDUc12p56o17GOy7nRWRGYTpnmUyCyf2XvBkL1CN/R0VXFASmU
         o00ItJtexWm5LKUK8ley/467Ay5AYkkPAivk4D6AQTWd/U1eJ0bKG/RjV1VvJquhIpmK
         y+e5BtlU69Uejph4bJaaL4ExLCHah1PjplrxRmz625/sieIlRo0kmnxmWeQMNdgdMk3W
         XVIvLC38Dv+FiDFwwk5qEgewvNFp6kSmG78jyhC9C3vk8+VerC2WHE03vM9Toh/krJMF
         U21w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id lc7si3111617ejb.426.2021.03.31.18.18.20;
        Wed, 31 Mar 2021 18:18:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233170AbhDABMp (ORCPT <rfc822;dave.gstir+lkml@gmail.com>
        + 99 others); Wed, 31 Mar 2021 21:12:45 -0400
Received: from helcar.hmeau.com ([216.24.177.18]:37150 "EHLO fornost.hmeau.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S230284AbhDABMM (ORCPT <rfc822;linux-crypto@vger.kernel.org>);
        Wed, 31 Mar 2021 21:12:12 -0400
Received: from gwarestrin.arnor.me.apana.org.au ([192.168.103.7])
        by fornost.hmeau.com with smtp (Exim 4.92 #5 (Debian))
        id 1lRlrx-0007Nz-AT; Thu, 01 Apr 2021 12:11:34 +1100
Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Thu, 01 Apr 2021 12:11:32 +1100
Date:   Thu, 1 Apr 2021 12:11:32 +1100
From:   Herbert Xu <herbert@gondor.apana.org.au>
To:     Eric Biggers <ebiggers@kernel.org>
Cc:     Jarkko Sakkinen <jarkko@kernel.org>,
        David Gstir <david@sigma-star.at>,
        Sumit Garg <sumit.garg@linaro.org>,
        Ahmad Fatoum <a.fatoum@pengutronix.de>,
        Mimi Zohar <zohar@linux.ibm.com>,
        Horia =?utf-8?Q?Geant=C4=83?= <horia.geanta@nxp.com>,
        Jonathan Corbet <corbet@lwn.net>,
        David Howells <dhowells@redhat.com>,
        James Bottomley <jejb@linux.ibm.com>,
        "kernel@pengutronix.de" <kernel@pengutronix.de>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Aymen Sghaier <aymen.sghaier@nxp.com>,
        "David S. Miller" <davem@davemloft.net>,
        Udit Agarwal <udit.agarwal@nxp.com>,
        Jan Luebbe <j.luebbe@pengutronix.de>,
        Franck Lenormand <franck.lenormand@nxp.com>,
        "keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
        "linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        "linux-integrity@vger.kernel.org" <linux-integrity@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-security-module@vger.kernel.org" 
        <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP
 CAAM-based trusted keys
Message-ID: <20210401011132.GB4349@gondor.apana.org.au>
References: <f9c0087d299be1b9b91b242f41ac6ef7b9ee3ef7.camel@linux.ibm.com>
 <63dd7d4b-4729-9e03-cd8f-956b94eab0d9@pengutronix.de>
 <CAFA6WYOw_mQwOUN=onhzb7zCTyYDBrcx0E7C3LRk6nPLAVCWEQ@mail.gmail.com>
 <557b92d2-f3b8-d136-7431-419429f0e059@pengutronix.de>
 <CAFA6WYNE44=Y7Erfc-xNtOrf7TkJjh+odmYH5vzhEHR6KqBfeQ@mail.gmail.com>
 <6F812C20-7585-4718-997E-0306C4118468@sigma-star.at>
 <YGDpA4yPWmTWEyx+@kernel.org>
 <YGOcZtkw3ZM5kvl6@gmail.com>
 <YGUGYi4Q3Uxyol6r@kernel.org>
 <YGUHBelwhvJDhKoo@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <YGUHBelwhvJDhKoo@gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote:
> On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote:
> > 
> > It's a bummer but uapi is the god in the end. Since TPM does not do it
> > today, that behaviour must be supported forever. That's why a boot option
> > AND a warning would be the best compromise.
> 
> It's not UAPI if there is no way for userspace to tell if it changed.

Exactly.  UAPI is only an issue if something *breaks*.

Cheers,
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt