> -----Original Message-----
> From: David Howells <dhowells@xxxxxxxxxx>
> Sent: Wednesday, March 6, 2019 6:30 PM
> To: Franck Lenormand <franck.lenormand@xxxxxxx>
> Cc: dhowells@xxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> linux-security-module@xxxxxxxxxxxxxxx; keyrings@xxxxxxxxxxxxxxx;
> Horia Geanta <horia.geanta@xxxxxxx>; Silvano Di Ninno <silvano.dininno@xxxxxxx>;
> agk@xxxxxxxxxx; snitzer@xxxxxxxxxx; dm-devel@xxxxxxxxxx;
> jmorris@xxxxxxxxx; serge@xxxxxxxxxx
> Subject: Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in dmcrypt
>
> Franck LENORMAND <franck.lenormand@xxxxxxx> wrote:
>
> > The capacity to generate or load keys already available in the Linux
> > key retention service does not allow exploiting CAAM capabilities,
> > hence we need to create a new key_type. The new key type "caam_tk"
> > allows us to:
> > - Create a black key from random
> > - Create a black key from a red key
> > - Load a black blob to retrieve the black key
>
> Is it possible that this could be done through an existing key type, such as the
> asymmetric, trusted or encrypted key types?
>
> David

Hello David,

I didn't know about the asymmetric key type, so I looked it up. From my observation, it would not be possible to use it for the caam_tk, as we must perform operations on the data provided. The name "asymmetric" is also misleading for the use we would have.

The trusted and encrypted types do not provide the necessary callbacks to do what we would need, or would require huge modifications.

I would like, for this series, to focus on the change related to dm-crypt. In effect, it is currently not possible to pass a key from the asymmetric key type to it.

Franck

--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/dm-devel