On Thu, Oct 06, 2022 at 18:38:35 +0530, Pankaj Gupta wrote:
> - CAAM supports two types of black keys:
> -- Plain key encrypted with ECB
> -- Plain key encrypted with CCM

What is a "black key"? Is this described in the documentation or local
comments at all? (I know I'm unfamiliar with CAAM, but maybe this should
be mentioned somewhere?).

> Note: Due to robustness, default encytption used for black key is CCM.
                                   ^^^^^^^^^^
                                   encryption

What "robustness"? Surely there's some more technical details involved
here?

> - A black key blob is generated, and added to trusted key payload.
> This is done as part of sealing operation, that was triggered as a result of:
> -- new key generation
> -- load key,

It seems that "black keys" are what the uapi calls "hw". I think this
should be mentioned in the commit message (and CAAM docs). What do other
keytypes do if `hw` is requested and it's not possible (say, `big_key`)?

Thanks,

--Ben