Subject: Re: [PATCH 0/4] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
To: Jarkko Sakkinen
Cc: Horia Geantă, Mimi Zohar, Aymen Sghaier, Herbert Xu, "David S. Miller",
 James Bottomley, Jan Luebbe, Udit Agarwal, Sumit Garg, David Gstir,
 Eric Biggers, Franck LENORMAND, Richard Weinberger, James Morris,
 linux-kernel@vger.kernel.org, David Howells,
 linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
 linux-crypto@vger.kernel.org, kernel@pengutronix.de,
 linux-integrity@vger.kernel.org, Steffen Trumtrar, "Serge E. Hallyn"
References: <20210809093519.er32rmspuvkrww45@kernel.org>
From: Ahmad Fatoum
Message-ID: <8321cac9-350b-1325-4b7e-390f4f292070@pengutronix.de>
Date: Mon, 9 Aug 2021 12:16:49 +0200
In-Reply-To: <20210809093519.er32rmspuvkrww45@kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On 09.08.21 11:35, Jarkko Sakkinen wrote:
> On Fri, Aug 06, 2021 at 05:12:19PM +0200, Ahmad Fatoum wrote:
>> Dear trusted key maintainers,
>>
>> On 21.07.21 18:48, Ahmad Fatoum wrote:
>>> Series applies on top of
>>> https://lore.kernel.org/linux-integrity/20210721160258.7024-1-a.fatoum@pengutronix.de/T/#u
>>>
>>> v2 -> v3:
>>> - Split off first Kconfig preparation patch. It fixes a regression,
>>>   so sent that out, so it can be applied separately (Sumit)
>>> - Split off second key import patch. I'll send that out separately
>>>   as it's a development aid and not required within the CAAM series
>>> - add MAINTAINERS entry
>>
>> Gentle ping. I'd appreciate feedback on this series.
>
> Simple question: what is fscrypt?

For supported file systems, fscrypt[1] allows you to encrypt at a
directory level. It has no trusted key integration yet, which is
something I am trying to upstream in parallel to this series, so I
eventually can use fscrypt together with CAAM-backed trusted keys on
an unpatched kernel.

If it interests you, I described[2] my CAAM+ubifs+fscrypt use case in
the discussion thread on my fscrypt-trusted-keys v1.
Jan, a colleague of mine, held a talk[3] on the different solutions
for authenticated and encrypted storage, which you may want to check
out.

I'd really appreciate feedback here on the CAAM parts of this series,
so this can eventually go mainline.

Thanks,
Ahmad

[1]: https://www.kernel.org/doc/html/v5.13/filesystems/fscrypt.html
[2]: https://lore.kernel.org/linux-fscrypt/367ea5bb-76cf-6020-cb99-91b5ca82d679@pengutronix.de/
[3]: https://www.youtube.com/watch?v=z_y84v9076c

>
> /Jarkko
>

-- 
Pengutronix e.K.                 |                             |
Steuerwalder Str. 21             | http://www.pengutronix.de/  |
31137 Hildesheim, Germany        | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686 | Fax:   +49-5121-206917-5555 |