[PATCH 3/4] crypto: caam - add in-kernel interface for blob generator

David Gstir david at sigma-star.at
Wed Aug 11 10:43:01 UTC 2021


Hi Ahmad,

> On 11.08.2021, at 12:22, Ahmad Fatoum <a.fatoum at pengutronix.de> wrote:
>
>> Since you already assert that MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN
>> in security/keys/trusted-keys/trusted_caam.c, this will never
>> be an issue for CAAM-based trusted-keys though.
> I omitted checks in code, which are verified at compile-time.
> Would you prefer a runtime check to be added as well?

I’d say the compile-time check suffices, unless this is intended
to be used outside of trusted-keys. But I don’t think this is very likely…

Cheers,
David



More information about the Linux-security-module-archive mailing list