On Tue, Jan 29, 2019 at 6:35 PM Verma, Vishal L <vishal.l.ve...@intel.com> wrote: > On Thu, 2019-01-24 at 16:07 -0700, Dave Jiang wrote: [..] > > + > > +The updated key blobs will be created by ndctl in {ndctl_keysdir} directory > > +with the file name of "nvdimm_<dimm unique id>_<hostname>.blob". > > + > > +OPTIONS > > +------- > > +<dimm>:: > > +include::xable-dimm-options.txt[] > > + > > +-k:: > > +--key_handle=:: > > + The new encryption key (master) key handle, used for sealing the DIMM > > This doesn't read right. Maybe all of "master key" should have been in > parenthesis? Or the second 'key' is extraneous? (This applies to the > above man page as well). > > > + encrypted keys. The format is <key type>:<key description>. > > Did you mean DIMM's encrypted keys? Or did you mean "used for sealing > (encrypting) the DIMM's keys?
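Review bot: In the --key_handle description, "The format is <key type>:<key description>" does not say which key types are accepted or show a concrete handle, so a reader cannot form a valid argument from the man page alone. List the accepted <key type> values there and add one example handle. The file-name sentence above it also leaves "<dimm unique id>" undefined; state which DIMM identifier is used so the blob for a given DIMM can be located in {ndctl_keysdir}.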
For this exact concern I think the word "key" should be reserved in the documentation for only referring to the key-encryption-key used to generate / protect the encrypted passphrase material. Yes, keyctl refers to the encrypted passphrase material as "keys" and "key blobs", but that's a keyctl internal concern. For ndctl, it's only concerned about the "key" used to generate a "passphrase". So the ask is to audit the man pages and make sure any usage of "key" is referring to the KEK and everything else only refers to "passphrase", or "passphrase blob" etc.

> And is there one key that will be sealed, or multiple?

It could be one key for all passphrases, a key per passphrase, or anything in between. This is the motivation to follow on to this set with a capable configuration file that can record the key-to-passphrase relationship.

_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm