Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello Richard,

On 30.03.21 23:50, Richard Weinberger wrote:
> Ahmad,
> 
> On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote:
> 
>>     TABLE="0 $BLOCKS crypt $ALGO :32:trusted:$KEYNAME 0 $DEV 0 1 allow_discards"
>>     echo $TABLE | dmsetup create mydev
>>     echo $TABLE | dmsetup load mydev
> 
> Do you also plan to add support for this to cryptsetup?
> 
> David and I have added (rough) support for our CAAM/DCP based keyrings
> to cryptsetup:
> https://github.com/sigma-star/cryptsetup/tree/rw/plain
> 
> I'm pretty sure with minimal changes it will work with your recent approach too.

I am using dmsetup directly in my project. I am not familiar with cryptsetup
plain. What benefits do you see with this over direct dmsetup?

What I'd like to see eventually is support for this with LUKS.
There is a RFE on trusted keys and cryptsetup on the project's repository[1].

The behavior I'd want it that the LUKS header would point at the trusted key
blob to use and load it into the kernel. This of course means that
you won't be able to have multiple keys for the encrypted partition.

[1]: https://gitlab.com/cryptsetup/cryptsetup/-/issues/443

Cheers,
Ahmad

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux