Hello Richard, On 31.03.21 20:35, Richard Weinberger wrote: > Ahmad, > > On Tue, Mar 16, 2021 at 6:24 PM Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote: >> +#define KEYMOD "kernel:trusted" > > why is the CAAM key modifier hard coded? > I'd love to have way to pass my own modifier. > > That way existing blobs can also be used with this implementation. > IIRC the NXP vendor tree uses "SECURE_KEY" as default modifier. Being binary compatible with other implementations is not an objective for this patch set. If you need to migrate I'd suggest to get out a clear text password and side-load it into the trusted key framework. Jan and Mimi discussed this some weeks back: https://lore.kernel.org/linux-integrity/e8f149cddce55a4e4615396108e4c900cbec75a8.camel@xxxxxxxxxxxxxx/ There's no code to implement this yet though. Cheers, Ahmad -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
