[PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Richard Weinberger richard at nod.at
Thu Apr 1 10:23:57 UTC 2021


----- Ursprüngliche Mail -----
> Von: "Ahmad Fatoum" <a.fatoum at pengutronix.de>
>> That way existing blobs can also be used with this implementation.
>> IIRC the NXP vendor tree uses "SECURE_KEY" as default modifier.
> Being binary compatible with other implementations is not an objective
> for this patch set. If you need to migrate I'd suggest to get out a
> clear text password and side-load it into the trusted key framework.

Compatibility is only one argument, IMHO the much stronger argument is that there are
people out there that want to salt the CAAM blob with a key modifier of their
own choice.


More information about the Linux-security-module-archive mailing list