> -----Original Message-----
> From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Sent: Tuesday, October 11, 2022 2:34 PM
> To: Jason A. Donenfeld <Jason@xxxxxxxxx>
> Cc: Pankaj Gupta <pankaj.gupta@xxxxxxx>; jarkko@xxxxxxxxxx;
> a.fatoum@xxxxxxxxxxxxxx; gilad@xxxxxxxxxxxxx; jejb@xxxxxxxxxxxxx;
> zohar@xxxxxxxxxxxxx; dhowells@xxxxxxxxxx; sumit.garg@xxxxxxxxxx;
> david@xxxxxxxxxxxxx; michael@xxxxxxxx; john.ernberg@xxxxxxxx;
> jmorris@xxxxxxxxx; serge@xxxxxxxxxx; davem@xxxxxxxxxxxxx;
> j.luebbe@xxxxxxxxxxxxxx; ebiggers@xxxxxxxxxx; richard@xxxxxx;
> keyrings@xxxxxxxxxxxxxxx; linux-crypto@xxxxxxxxxxxxxxx;
> linux-integrity@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
> linux-security-module@xxxxxxxxxxxxxxx; Sahil Malhotra <sahil.malhotra@xxxxxxx>;
> Kshitiz Varshney <kshitiz.varshney@xxxxxxx>; Horia Geanta <horia.geanta@xxxxxxx>;
> Varun Sethi <V.Sethi@xxxxxxx>
> Subject: Re: [EXT] Re: [PATCH v0 3/8] crypto: hbk flags & info added to the tfm
>
> On Mon, Oct 10, 2022 at 09:15:48AM -0600, Jason A. Donenfeld wrote:
> >
> > Do you mean to say that other drivers that use hardware-backed keys do
> > so by setting "cra_name" to something particular? Like instead of "aes"
> > it'd be "aes-but-special-for-this-driver"? If so, that would seem to
> > break the design of the crypto API. Which driver did you see that does
> > this? Or perhaps, more generally, what are the drivers that Herbert is
> > talking about when he mentions the "plenty of existing drivers" that
> > already do this?
>
> Grep for paes for the existing drivers that support this. I don't have anything
> against this feature per se, but the last thing we want is a proliferation of
> different ways of doing the same thing.

Our goal is to have a generic solution, which can be extended to any driver dealing with:
- Generating HBK and adding to trusted keyring.
- Using the trusted keyring's HBK for crypto operation.

With this framework in place, driver specific custom changes can be avoided, bridging the interface-gap of: kernel-keyring <-> kernel-crypto-layer.

Thanks.

>
> Cheers,
> --
> Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt