[PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
Sumit Garg
sumit.garg at linaro.org
Thu Apr 1 12:55:03 UTC 2021
Hi Richard,
On Wed, 31 Mar 2021 at 03:34, Richard Weinberger
<richard.weinberger at gmail.com> wrote:
>
> Ahmad,
>
> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum <a.fatoum at pengutronix.de> wrote:
> > keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s
>
> Is there a reason why we can't pass the desired backend name in the
> trusted key parameters?
> e.g.
> keyctl add trusted $KEYNAME "backendtype caam load $(cat ~/kmk.blob)" @s
>
IIUC, this would require support for multiple trusted keys backends at
runtime but currently the trusted keys subsystem only supports a
single backend which is selected via kernel module parameter during
boot.

So the trusted keys framework needs to evolve to support multiple
trust sources at runtime but I would like to understand the use-cases
first. IMO, selecting the best trust source available on a platform
for trusted keys should be a one-time operation, so why do we need to
have other backends available at runtime as well?

-Sumit
> --
> Thanks,
> //richard