[PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Jarkko Sakkinen jarkko at kernel.org
Thu Apr 1 05:46:16 UTC 2021


On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote:
> On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote:
> > 
> > It's a bummer but uapi is the god in the end. Since TPM does not do it
> > today, that behaviour must be supported forever. That's why a boot option
> > AND a warning would be the best compromise.
> > 
> 
> It's not UAPI if there is no way for userspace to tell if it changed.
> 
> - Eric

It's enough uapi for me. People might assume that the entropy source is
TPM for this, since it has been so far.

/Jarkko



More information about the Linux-security-module-archive mailing list