[PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Sumit Garg sumit.garg at linaro.org
Thu Apr 1 12:55:03 UTC 2021

Hi Richard,

On Wed, 31 Mar 2021 at 03:34, Richard Weinberger
<richard.weinberger at gmail.com> wrote:
> Ahmad,
> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum <a.fatoum at pengutronix.de> wrote:
> >     keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
> Is there a reason why we can't pass the desired backend name in the
> trusted key parameters?
> e.g.
> keyctl add trusted $KEYNAME "backendtype caam load $(cat ~/kmk.blob)" @s

IIUC, this would require support for multiple trusted keys backends at
runtime but currently the trusted keys subsystem only supports a
single backend which is selected via kernel module parameter during

So the trusted keys framework needs to evolve to support multiple
trust sources at runtime but I would like to understand the use-cases
first. IMO, selecting the best trust source available on a platform
for trusted keys should be a one time operation, so why do we need to
have other backends available at runtime as well?


> --
> Thanks,
> //richard

More information about the Linux-security-module-archive mailing list