> -----Original Message-----
> From: David Howells <[email protected]>
> Sent: Wednesday, March 6, 2019 6:30 PM
> To: Franck Lenormand <[email protected]>
> Cc: [email protected]; [email protected]; linux-security-
> [email protected]; [email protected]; Horia Geanta
> <[email protected]>; Silvano Di Ninno <[email protected]>;
> [email protected]; [email protected]; [email protected];
> [email protected]; [email protected]
> Subject: Re: [RFC PATCH 0/2] Create CAAM HW key in linux keyring and use in
> dmcrypt
>
> Franck LENORMAND <[email protected]> wrote:
>
> > The capacity to generate or load keys already available in the Linux
> > key retention service does not allow to exploit CAAM capabilities
> > hence we need to create a new key_type. The new key type "caam_tk"
> > allows to:
> > - Create a black key from random
> > - Create a black key from a red key
> > - Load a black blob to retrieve the black key
>
> Is it possible that this could be done through an existing key type, such as
> the asymmetric, trusted or encrypted key types?
>
> David

Hello David,

I didn't know about the asymmetric key type, so I looked it up. From my
observation, it would not be possible to use it for the caam_tk, as we must
perform operations on the data provided. The name "asymmetric" is also
misleading for the use we would have.

The trusted and encrypted key types do not provide the necessary callbacks to
do what we would need, or require huge modifications.

I would like this series to focus on the change related to dm-crypt. In
effect, it is currently not possible to pass a key from the asymmetric key
type to it.

Franck

