Date: Thu, 1 Apr 2021 12:11:32 +1100
From: Herbert Xu
To: Eric Biggers
Cc: Jarkko Sakkinen, David Gstir, Sumit Garg, Ahmad Fatoum, Mimi Zohar,
    Horia Geantă, Jonathan Corbet, David Howells, James Bottomley,
    "kernel@pengutronix.de", James Morris, "Serge E. Hallyn", Aymen Sghaier,
    "David S. Miller", Udit Agarwal, Jan Luebbe, Franck Lenormand,
    "keyrings@vger.kernel.org", "linux-crypto@vger.kernel.org",
    "linux-doc@vger.kernel.org", "linux-integrity@vger.kernel.org",
    "linux-kernel@vger.kernel.org", "linux-security-module@vger.kernel.org"
Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Message-ID: <20210401011132.GB4349@gondor.apana.org.au>
X-Mailing-List: linux-crypto@vger.kernel.org

On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote:
> On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote:
> >
> > It's a bummer but uapi is the god in the end. Since TPM does not do it
> > today, that behaviour must be supported forever. That's why a boot option
> > AND a warning would be the best compromise.
>
> It's not UAPI if there is no way for userspace to tell if it changed.

Exactly. UAPI is only an issue if something *breaks*.

Cheers,
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt