On Wed, Feb 02, 2022 at 09:36:53AM +0100, Gerd Hoffmann wrote:

> Having a "secrets/" directory looks good to me. Then the individual
> implementations can either add files to the directory, i.e. efi_secrets
> would create "secrets/<guid>" files. Or each implementation creates a
> subdirectory with the secrets, i.e. "secrets/coco/" and
> "secrets/coco/<guid>".

I prefer a subdirectory, on the basis that we could conceivably end up with more than one implementation on a single device at some point, and also because it makes it trivial for userland to determine what the source is, which may make a semantic difference under certain circumstances.

> Longer-term (i.e. once we have more than one implementation) we probably
> need a separate module which owns and manages the "secrets/" directory,
> and possibly provides some common helper functions too.

Agree.