Hi Ahmad, > On 09.08.2021, at 12:16, Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote: [...] > If it interests you, I described[2] my CAAM+ubifs+fscrypt use case in the > discussion thread on my fscrypt-trusted-keys v1. Jan, a colleague of mine, held a > talk[3] on the different solutions for authenticated and encrypted storage, which > you may want to check out. > > I'd really appreciate feedback here on the the CAAM parts of this series, so this can > eventually go mainline. Since you mention the fscrypt trusted-keys use case: I noticed that the key length for trusted-keys is limited to 256 - 1024bit keys. fscrypt does however also support keys with e.g. 128bit keys (AES-128-CBC-ESSIV, AES-128-CTS-CBC). AFAIK, CAAM and TEE key blobs would also support key lengths outside the 256 - 1024bit range. Wouldn’t it make sense to align the supported key lengths? I.e. extend the range of supported key lengths for trusted keys. Or is there a specific reason why key lengths below 256bit are not supported by trusted-keys? Cheers, David
