On Wed, Oct 19, 2022 at 09:26:05PM -0700, Eric Biggers wrote:

> Are you referring to the support for hardware-wrapped inline crypto keys? It
> isn't upstream yet, but my latest patchset is at
> https://lore.kernel.org/linux-fscrypt/20220927014718.125308-2-ebiggers@xxxxxxxxxx/T/#u.
> There's also a version of it used by some Android devices already. Out of
> curiosity, are you using it in an Android device, or have you adopted it in some
> other downstream?

Unrelated to Android, similar functionality, but slightly different
ultimate purpose. We are going to be sending a fscrypt patch series
for mlx5 and nvme soonish.

> > Yes, it would be nice to see a comprehensive understanding of how HW
> > resident keys can be modeled in the keyring.
>
> Note that the keyrings subsystem is not as useful as it might seem. It sounds
> like something you want (you have keys, and there is a subsystem called
> "keyrings", so it should be used, right?), but often it isn't. fscrypt has
> mostly moved away from using it, as it caused lots of problems. I would caution
> against assuming that it needs to be part of any solution.

That sounds disappointing that we are now having parallel ways for the
admin to manipulate kernel-owned keys.

Jason