On Tue, Sep 06, 2022 at 12:21:49PM +0530, Pankaj Gupta wrote:
> Hardware Bound key(HBK), is never acessible as plain key outside of the
                                    ~~~~~~~~~
                                    accesible.

> hardware boundary. Thus, it is un-usable, even if somehow fetched
> from kernel memory. It ensures run-time security.

Why is it called "HBK" here and "hw" in the context of keyctl?

> This patchset adds generic support for classing the Hardware Bound Key,
> based on:
>
> - Newly added flag-'is_hbk', added to the tfm.
>
>   Consumer of the kernel crypto api, after allocating
>   the transformation, sets this flag based on the basis
>   of the type of key consumer has.
>
> - This helps to influence the core processing logic
>   for the encapsulated algorithm.
>
> - This flag is set by the consumer after allocating
>   the tfm and before calling the function crypto_xxx_setkey().
>
> First implementation is based on CAAM.

CAAM is implementation of what exactly?

I'm sorry but I don't know your definition of unusable.

BR, Jarkko