Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp238209pxf; Wed, 31 Mar 2021 23:05:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxkvD6RcMabNnfImv7koRZSi0cLrDyLbCVbcPgt7xM2f0GUe8k3XT1gdUJJ3FhhV3fTATXL X-Received: by 2002:a17:906:9243:: with SMTP id c3mr7709049ejx.388.1617257141578; Wed, 31 Mar 2021 23:05:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617257141; cv=none; d=google.com; s=arc-20160816; b=sDYFBhGXieFCPHlyUpYo/t4WE4z+Z1UHz06iJvezFY4SOmkvQsNwvzO1YqKIlKHK66 JvewOvI9HfyV/huyLgn7o+tzT1YwiycD5unsZFkTq1GJ7gbj1w+dMXo1CJjpXYSNo1jy rIdwe1F2bkf15MJ7kFusrJ63fOzhk/ftDJlZcC38CFiyk9lly1qoGFLMoM5E1mLF3Mcx 367IdEAhU1AIOg5MkhrTza9nf6f+5tBMovIikTLoM5CgfXr6DqJPbXpZE/Jx/GhB/DL2 muG+U6rVrCczdb/zxGtjcbGjmocPQ/QBnCldOEhCsrLZ1XFDcZ+wUdyKNiT5P2K4PjLV Ndzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=/ZavUfZ432day3BUTrec9V+9KxPsuOV1kRKSp8Ra+W8=; b=xQub3JHE4b9f8Lwe9UhljJS3BVkPBRYaMvOe8V791+St5ZLR0jSlKieWx4XAOSbiS1 eC6rLvEcbl+7jD5LdmCpyK8L2MtOgPlIW2cwY5ksCTVkqwwfwKEzcYLgw6dwaHrAF/yX 4wtbIyycpE1fVISXxj6ccvf0kn6qPut5jqSbMvJIt/8RUtQPwto1ZchEKPSfvOksDMXr w14pDXqZ9ddlUPqZSY7ZhV8GoL58D8tlR01MnTjCt60fJV7bz+5zas08DmytRQ80SmQU Uqd9WU1DLj6nhq/N/5ENq37hVxz5wLKLJ1ZRRwvQZvmywZPzktvEAF5RaZwKaqUFd25R nQYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=p1Qt48hX; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id zd21si3527495ejb.634.2021.03.31.23.05.13; Wed, 31 Mar 2021 23:05:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=p1Qt48hX; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233128AbhDAGDu (ORCPT + 99 others); Thu, 1 Apr 2021 02:03:50 -0400 Received: from mail.kernel.org ([198.145.29.99]:45352 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233219AbhDAGDk (ORCPT ); Thu, 1 Apr 2021 02:03:40 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 5C04461055; Thu, 1 Apr 2021 06:03:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1617257019; bh=xt6GQYsb58xuQ6PPnQZNlaKyr1g0GjRYBFrfAuKY2t8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=p1Qt48hXISX/0tFEftpS56HuuzWK2yhF8NA6tlN9DbOlNoRic99mX4UqP85MlVPC+ /wD/PmfERDh5wOjvraogBFYLnf0LRsOE9QKfOrcgjXqMwX1xwuJo62xwTYse0Zw8dB GzWE0pO3I/UDUaiA5JGffU2/M9qXqmYaIDyuTUdYdeEPq827TGHwLjvgcIrtZDzJb0 oEiC+HE6KHGa1SdyGn8z+FD7mDFUgVNkSJCTwb+XcS3KzibyfWK1f8vsapZcAgH9e1 zpLPnXmR3P5w6xLmYqO2YXih4YGc2w6F/KSBotAWogQaiG2lhnEbcYGD2P0Bmubnoq vTlmBPA7bbDwQ== Date: Wed, 31 Mar 2021 23:03:37 -0700 From: Eric Biggers To: Jarkko Sakkinen Cc: Herbert Xu , David Gstir , Sumit Garg , Ahmad Fatoum , Mimi Zohar , Horia =?utf-8?Q?Geant=C4=83?= , Jonathan Corbet , David Howells , James Bottomley , "kernel@pengutronix.de" , James Morris , "Serge E. Hallyn" , Aymen Sghaier , "David S. Miller" , Udit Agarwal , Jan Luebbe , Franck Lenormand , "keyrings@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Message-ID: References: <557b92d2-f3b8-d136-7431-419429f0e059@pengutronix.de> <6F812C20-7585-4718-997E-0306C4118468@sigma-star.at> <20210401011132.GB4349@gondor.apana.org.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Apr 01, 2021 at 08:50:05AM +0300, Jarkko Sakkinen wrote: > On Thu, Apr 01, 2021 at 12:11:32PM +1100, Herbert Xu wrote: > > On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote: > > > On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote: > > > > > > > > It's a bummer but uapi is the god in the end. Since TPM does not do it > > > > today, that behaviour must be supported forever. That's why a boot option > > > > AND a warning would be the best compromise. > > > > > > It's not UAPI if there is no way for userspace to tell if it changed. > > > > Exactly. UAPI is only an issue if something *breaks*. > > If there's even one user that comes shouting that he has a user space > configuration, where e.g. rng entropy is consumed constantly and the > code assumes that trusted keys does not add to that, then something > would break. > > It would be a crap user space yes, but I don't want to go on reverting > because of that. I think there is small but still existing chance that > something could break. random.c no longer provides any interfaces that subtract entropy credits, as that was never something that made sense. So "consuming" all the entropy from random.c isn't a thing anymore. > > Why not just add a boot parameter instead of making brutal enforcing > changes, indirectly visible to the user space? Why not just fix this bug instead of providing an option to fix it that everyone will need to remember to provide? - Eric