On 04/27/2017 05:09 PM, Hendrik Brueckner wrote:> > Of course, I think it is and I would be glad when we can work together > on a solution. Hi, so I finally got through the discussion and the patches. And no, I think this should not be a part of the cryptsetup core as it is. I mentioned some reasons in the comment for merge request: https://gitlab.com/cryptsetup/cryptsetup/merge_requests/19 I understand that this is interesting for IBM to have supported in enterprise distros. I would like to have some support for this feature as well but not the way it will complicate code for others and makes it HW-dependent for everyone. I have mentioned some possible way how to do it in the comment as well. (I think some external application linked to libcryptsetup, and then handling your pAES algorithm and wrapped key just as an another encryption algorithm is much cleaner.) The pAES (and PKEY ioctls) are currently only available on IBM s390 (and I guess only on some models; guessing from Linux kernel sources), so this is enterprise only thing. BTW does Hercules emulator support this so a regular user can try the HSM interface? (I have probably access it to the real HW if needed but for other people.) Thanks for patches and discussion anyway! Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
