Hi, We're exploring fscrypt, and we were hoping to make use of a trusted key [1] so that we could avoid exposing the master key to userspace. I found a patch [2] from a couple of years ago adding this support. However, trusted keys in the kernel seem to be tied to the keyring, which is not used for v2 encryption policies. Seeing as v1 policies are considered deprecated, what would be the way to move forward with this feature? Would it make sense to add minimal keyring integration for v2 policies in order to support this use case? Thanks! 1: https://www.kernel.org/doc/html/latest/security/keys/trusted-encrypted.html 2: https://lore.kernel.org/linux-fscrypt/20180118131359.8365-1-git@xxxxxxxxxx/
|