Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp393685pxf;
        Thu, 1 Apr 2021 04:06:47 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxsr7/r7Qfal+CfHKqhQUx4SakUh3G2LvA6aMFbKO07+eiohMw2+UJl2mK8P2KPaBl96QL0
X-Received: by 2002:aa7:d54c:: with SMTP id u12mr9501877edr.234.1617275207728;
        Thu, 01 Apr 2021 04:06:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617275207; cv=none;
        d=google.com; s=arc-20160816;
        b=UEjhLZqO+JDWecQiCl1JblFN9WEHVw3ZQ1Yan4dNIBgqPtkmSrpwSVabP8yPDTk4wn
         ZfJ+sT9M63vwmcQSrS/rjXkl8xOJuLACDLogU0jJu9gpDFZbuQYVnMAiKDg2EuZMMqWO
         g3djVHlOdnP7r8HKgxbpuINd4R9Pb3ZyYqavH2rXrw+hBG+DY882FUQXVh5oIeoWGrfZ
         dER3J9wmrBRzIcShB+N+5vm7yTqNun4P+iEGiq5ucInAmz7H8wROL0Nm7TUmBDLlWQni
         EFftD9I6IK+FZimHGuedcnMTIWxfQJXrBknubhuWct26mOjEja/yDegYO0qPM3m6O4l9
         BtpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:thread-index:thread-topic
         :content-transfer-encoding:mime-version:subject:references
         :in-reply-to:message-id:cc:to:from:date;
        bh=RjOag1FEO9qa8IpDEOq+UyGx2QeMNDV3hFCI/eGrY4k=;
        b=QAeWkF916hCfSRySzNaqRwS37z/6QuUtijYZV8EMsFj0VxPP8UgZc6Ib5PUPUSuTmF
         4MIuWPeBR49NhkasKx9mIN1v5dJ8NvOfA7X4LCQBJIhGhfRdo5q1OYlm9DPQyscGel1S
         EHXOu2EnEElSwMvgTXOQAzJom7kAEZYhGpMewUp0msXBNjh72JIH087BgVVxguol4k7W
         bzLmW5UZfmDVxgpqnIkr6kVnpF1pYoN7+NOowlTA2tSzteMMJvNwAmoi3GxBgAQ1sUvW
         VNtcGkVpR00phU8ivTuGYZCbishlBjoTO+K+HZXi3H9Mt6r9MwjRXT+OPMqnjE6Y4nMr
         Thcw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u25si3617706edo.148.2021.04.01.04.06.23;
        Thu, 01 Apr 2021 04:06:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233817AbhDALFu convert rfc822-to-8bit (ORCPT
        <rfc822;dave.gstir+lkml@gmail.com> + 99 others);
        Thu, 1 Apr 2021 07:05:50 -0400
Received: from lithops.sigma-star.at ([195.201.40.130]:32846 "EHLO
        lithops.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234041AbhDALFh (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Thu, 1 Apr 2021 07:05:37 -0400
Received: from localhost (localhost [127.0.0.1])
        by lithops.sigma-star.at (Postfix) with ESMTP id 3B499606BA22;
        Thu,  1 Apr 2021 13:05:35 +0200 (CEST)
Received: from lithops.sigma-star.at ([127.0.0.1])
        by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10032)
        with ESMTP id E9eRLkGUOegD; Thu,  1 Apr 2021 13:05:34 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
        by lithops.sigma-star.at (Postfix) with ESMTP id BA9F4606BA25;
        Thu,  1 Apr 2021 13:05:34 +0200 (CEST)
Received: from lithops.sigma-star.at ([127.0.0.1])
        by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10026)
        with ESMTP id EHEmUm6zRXLO; Thu,  1 Apr 2021 13:05:34 +0200 (CEST)
Received: from lithops.sigma-star.at (lithops.sigma-star.at [195.201.40.130])
        by lithops.sigma-star.at (Postfix) with ESMTP id 80607606BA22;
        Thu,  1 Apr 2021 13:05:34 +0200 (CEST)
Date:   Thu, 1 Apr 2021 13:05:34 +0200 (CEST)
From:   Richard Weinberger <richard@nod.at>
To:     Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc:     Jarkko Sakkinen <jarkko@kernel.org>,
        horia geanta <horia.geanta@nxp.com>,
        Mimi Zohar <zohar@linux.ibm.com>,
        aymen sghaier <aymen.sghaier@nxp.com>,
        Herbert Xu <herbert@gondor.apana.org.au>,
        davem <davem@davemloft.net>,
        James Bottomley <jejb@linux.ibm.com>,
        kernel <kernel@pengutronix.de>,
        David Howells <dhowells@redhat.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Steffen Trumtrar <s.trumtrar@pengutronix.de>,
        Udit Agarwal <udit.agarwal@nxp.com>,
        Jan Luebbe <j.luebbe@pengutronix.de>,
        david <david@sigma-star.at>,
        Franck Lenormand <franck.lenormand@nxp.com>,
        Sumit Garg <sumit.garg@linaro.org>,
        linux-integrity <linux-integrity@vger.kernel.org>,
        "open list, ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
        Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        LSM <linux-security-module@vger.kernel.org>
Message-ID: <1713376107.139705.1617275134320.JavaMail.zimbra@nod.at>
In-Reply-To: <c72f93be-04e8-bb52-7252-4b4131648100@pengutronix.de>
References: <cover.56fff82362af6228372ea82e6bd7e586e23f0966.1615914058.git-series.a.fatoum@pengutronix.de> <ca2a7c17-3ed0-e52f-2e2f-c0f8bbe10323@pengutronix.de> <CAFLxGvyj1aZ_3MuxJC6onejchV_6A8WbNR1vTLpSBF5QTxvLyQ@mail.gmail.com> <897df7dd-83a1-3e3e-1d9f-5a1adfd5b2fb@pengutronix.de> <1263763932.139584.1617272457698.JavaMail.zimbra@nod.at> <27d7d3fa-5df8-1880-df21-200de31cc629@pengutronix.de> <717795270.139671.1617274418087.JavaMail.zimbra@nod.at> <c72f93be-04e8-bb52-7252-4b4131648100@pengutronix.de>
Subject: Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP
 CAAM-based trusted keys
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT
X-Originating-IP: [195.201.40.130]
X-Mailer: Zimbra 8.8.12_GA_3807 (ZimbraWebClient - FF78 (Linux)/8.8.12_GA_3809)
Thread-Topic: KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Thread-Index: +7QYEzCmiCSeqRxyZ/IwtzeggPfilw==
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Ahmad,

----- Ursprüngliche Mail -----
> Von: "Ahmad Fatoum" <a.fatoum@pengutronix.de>
>> I don't want you to force to use cryptsetup.
> 
> I'd love to use cryptsetup with LUKS and trusted keys eventually. I'll take

But using LUKS would mean that cryptsetup has access to the plain disc encryption key material?
This would be a no-go for many systems out there, key material must not accessible to userspace.
I know, distrusting userspace root is not easy, but doable. :)

Thanks,
//richard