Date: Thu, 20 Oct 2022 20:42:58 -0300
From: Jason Gunthorpe
To: Eric Biggers
Cc: Herbert Xu, "Jason A. Donenfeld", Pankaj Gupta, jarkko@kernel.org, a.fatoum@pengutronix.de, gilad@benyossef.com, jejb@linux.ibm.com, zohar@linux.ibm.com, dhowells@redhat.com, sumit.garg@linaro.org, david@sigma-star.at, michael@walle.cc, john.ernberg@actia.se, jmorris@namei.org, serge@hallyn.com, davem@davemloft.net, j.luebbe@pengutronix.de, richard@nod.at, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Sahil Malhotra, Kshitiz Varshney, Horia Geanta, Varun Sethi
Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
X-Mailing-List: linux-crypto@vger.kernel.org

On Thu, Oct 20, 2022 at 02:28:36PM -0700, Eric Biggers wrote:
> On Thu, Oct 20, 2022 at 04:23:53PM -0300, Jason Gunthorpe wrote:
> > On Wed, Oct 19, 2022 at 09:26:05PM -0700, Eric Biggers wrote:
> >
> > > Are you referring to the support for hardware-wrapped inline crypto keys? It
> > > isn't upstream yet, but my latest patchset is at
> > > https://lore.kernel.org/linux-fscrypt/20220927014718.125308-2-ebiggers@kernel.org/T/#u.
> > > There's also a version of it used by some Android devices already. Out of
> > > curiosity, are you using it in an Android device, or have you adopted it in some
> > > other downstream?
> >
> > Unrelated to Android, similar functionality, but slightly different
> > ultimate purpose. We are going to be sending a fscrypt patch series
> > for mlx5 and nvme soonish.
>
> That's interesting, though also slightly scary in that it sounds like you've
> already shipped some major fscrypt changes without review!

Heh, says the Android guy :)

Fortunately nothing major, we are enterprise focused, we need stuff in
real distros - we know how to do it.

> > That sounds disappointing that we are now having parallel ways for the
> > admin to manipulate kernel owned keys.
>
> Well, the keyrings subsystem never worked properly for fscrypt anyway. At most,
> it's only useful for providing the key to the filesystem initially (by passing a
> key ID to FS_IOC_ADD_ENCRYPTION_KEY, instead of the key bytes), similar to what
> dm-crypt allows. After that, the keyrings subsystem plays no role.

Sure, but loading the key into the keyring should allow many different
options, including things like TPM PCR secured keys (eg like bitlocker)
- we shouldn't allow user space the ability to see the key data at
all.

Duplicating this in every subsystem makes no sense, there is a
reasonable role for the keyring to play in solving these kinds of
problems for everything.

Jason
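The key-ID path Eric describes above (a keyring key handed to FS_IOC_ADD_ENCRYPTION_KEY instead of raw key bytes) relies on the kernel's "fscrypt-provisioning" key type, which has no read method, so user space cannot get the key material back once it is loaded. This is the property Jason is asking for. The C program below is an added example, not code from this thread, from Jason or Eric, or from the kernel tree: it loads a constructed 32-byte test key as an fscrypt-provisioning key in the process keyring and checks that KEYCTL_READ is refused. It assumes Linux 5.6 or later with CONFIG_FS_ENCRYPTION and a sandbox that permits the add_key/keyctl syscalls; the payload struct is a local mirror of the UAPI definition, the key type constants are the UAPI values (1 = descriptor, 2 = identifier), and the 16-byte minimum key length is the kernel-internal FSCRYPT_MIN_KEY_SIZE.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/keyctl.h>

/* Local mirror of struct fscrypt_provisioning_key_payload from <linux/fscrypt.h>,
 * with a fixed-size raw[] so this builds against older UAPI headers.  The kernel
 * only looks at the first 8 + raw_len bytes that add_key() is told about. */
struct provisioning_payload {
	uint32_t type;      /* 1 = descriptor (v1 policies), 2 = identifier (v2 policies) */
	uint32_t reserved;  /* must be zero */
	uint8_t  raw[64];   /* FSCRYPT_MAX_KEY_SIZE is 64 */
};

#define KEY_TYPE_DESCRIPTOR 1   /* FSCRYPT_KEY_SPEC_TYPE_DESCRIPTOR */
#define KEY_TYPE_IDENTIFIER 2   /* FSCRYPT_KEY_SPEC_TYPE_IDENTIFIER */
#define RAW_KEY_MIN 16          /* kernel-internal FSCRYPT_MIN_KEY_SIZE (assumed) */
#define RAW_KEY_MAX 64          /* FSCRYPT_MAX_KEY_SIZE */

enum demo_result {
	DEMO_KEY_LEAKED  = -1,  /* key bytes came back to user space: must never happen */
	DEMO_UNSUPPORTED =  0,  /* kernel or sandbox would not create the key at all */
	DEMO_KEY_HIDDEN  =  1   /* key added, KEYCTL_READ refused: the property we want */
};

/* Fill a payload the kernel's preparse hook accepts.  Returns the byte length to
 * pass to add_key(), or -1 where the kernel would answer EINVAL (unknown spec
 * type, or a raw key outside 16..64 bytes). */
int build_provisioning_payload(struct provisioning_payload *p, uint32_t type,
			       const uint8_t *raw, size_t raw_len)
{
	if (type != KEY_TYPE_DESCRIPTOR && type != KEY_TYPE_IDENTIFIER)
		return -1;
	if (raw_len < RAW_KEY_MIN || raw_len > RAW_KEY_MAX)
		return -1;
	memset(p, 0, sizeof(*p));
	p->type = type;
	memcpy(p->raw, raw, raw_len);
	return (int)(sizeof(p->type) + sizeof(p->reserved) + raw_len);
}

/* Exercise the validation rules with an all-zero raw buffer of the given length. */
int payload_len_for(uint32_t type, size_t raw_len)
{
	struct provisioning_payload p;
	uint8_t zeros[RAW_KEY_MAX + 1] = { 0 };

	if (raw_len > sizeof(zeros))
		return -1;
	return build_provisioning_payload(&p, type, zeros, raw_len);
}

/* Load a constructed test key as an fscrypt-provisioning key, then try to read
 * it back the way any user-space tool with access to the keyring would. */
int demo_provisioning_key_unreadable(void)
{
	static const uint8_t test_key[32] = {   /* constructed value, not a real key */
		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
		0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
		0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f };
	struct provisioning_payload p;
	uint8_t readback[sizeof(p)];
	long serial, n;
	int len, err;

	len = build_provisioning_payload(&p, KEY_TYPE_IDENTIFIER, test_key, sizeof(test_key));
	if (len < 0)
		return DEMO_UNSUPPORTED;

	serial = syscall(SYS_add_key, "fscrypt-provisioning", "fscrypt-demo",
			 &p, (size_t)len, KEY_SPEC_PROCESS_KEYRING);
	memset(&p, 0, sizeof(p));   /* scrub the user-space copy once the kernel has it */
	if (serial < 0) {
		fprintf(stderr, "add_key(fscrypt-provisioning): %s\n", strerror(errno));
		return DEMO_UNSUPPORTED;
	}

	/* The key type has no .read method, so this fails with EOPNOTSUPP even
	 * though the caller both owns and possesses the key. */
	n = syscall(SYS_keyctl, KEYCTL_READ, serial, readback, sizeof(readback), 0);
	err = errno;

	/* Drop the key again so repeated runs do not accumulate keys. */
	syscall(SYS_keyctl, KEYCTL_UNLINK, serial, KEY_SPEC_PROCESS_KEYRING, 0, 0);

	if (n >= 0)
		return DEMO_KEY_LEAKED;
	printf("key %ld added; KEYCTL_READ refused: %s\n", serial, strerror(err));
	return DEMO_KEY_HIDDEN;
}

int main(void)
{
	int r = demo_provisioning_key_unreadable();

	printf("result: %s\n", r == DEMO_KEY_HIDDEN ? "key hidden from user space"
	       : r == DEMO_UNSUPPORTED ? "could not add key on this kernel/sandbox"
	       : "KEY LEAKED");
	return r == DEMO_KEY_LEAKED;
}
```

Build with gcc and run as an ordinary user. The serial that add_key() returns is what a tool would put in the key_id field of struct fscrypt_add_key_arg (with raw_size set to 0) when calling FS_IOC_ADD_ENCRYPTION_KEY; that ioctl is left out here because it needs a filesystem with encryption enabled. On a kernel without CONFIG_FS_ENCRYPTION, or under a seccomp profile that blocks add_key, the program reports that the key could not be added rather than claiming anything about it.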