Hi David, On Tue, 9 Mar 2021 at 22:43, David Howells <dhowe...@redhat.com> wrote: > > Linus Walleij <linus.wall...@linaro.org> wrote: > > > As it seems neither Microsoft nor Apple is paying it much attention > > (+/- new facts) it will be up to the community to define use cases > > for RPMB. I don't know what would make most sense, but the > > kernel keyring seems to make a bit of sense as it is a well maintained > > keyring project. > > I'm afraid I don't know a whole lot about the RPMB. I've just been and read > https://lwn.net/Articles/682276/ about it. > > What is it you envision the keyring API doing with regard to this? Being used > to represent the key needed to access the RPMB or being used to represent an > RPMB entry (does it have entries?)? >
I think it's the former one to represent the RPMB key and it looks like the trusted and encrypted keys subsystem should be useful here to prevent any user-space exposures of the RPMB key. -Sumit > David >
