On Tue, 2019-01-29 at 18:59 -0800, Dan Williams wrote: > On Tue, Jan 29, 2019 at 6:35 PM Verma, Vishal L > <vishal.l.ve...@intel.com> wrote: > > On Thu, 2019-01-24 at 16:07 -0700, Dave Jiang wrote: > [..] > > > + > > > +The updated key blobs will be created by ndctl in {ndctl_keysdir} > > > directory > > > +with the file name of "nvdimm_<dimm unique id>_<hostname>.blob". > > > + > > > +OPTIONS > > > +------- > > > +<dimm>:: > > > +include::xable-dimm-options.txt[] > > > + > > > +-k:: > > > +--key_handle=:: > > > + The new encryption key (master) key handle, used for sealing the > > > DIMM > > > > This doesn't read right. Maybe all of "master key" should have been in > > parenthesis? Or the second 'key' is extraneous? (This applies to the > > above man page as well). > > > > > + encrypted keys. The format is <key type>:<key description>. > > > > Did you mean DIMM's encrypted keys? Or did you mean "used for sealing > > (encrypting) the DIMM's keys? > > For this exact concern I think the word "key" should be reserved in > the documentation for only referring to the key-encryption-key used to > generate / protect the encrypted passphrase material. > > Yes, keyctl refers to the encrypted passphrase material as "keys" and > "key blobs", but that's a keyctl internal concern. For ndctl, it's > only concerned about the "key" used to generate a "passphrase". So the > ask is to audit the man pages and make sure any usage of "key" is > referring to the KEK and everything is else only refers to > "passphrase", or "passphrase blob" etc.
Yes I think that makes sense and should clarify everything a lot!

>
> > And is there one key that will be sealed, or multiple?
>
> It could be one key for all passphrases, a key per passphrase, or
> anything in between. This is the motivation to follow on to this set
> with a capable configuration file that can record the
> key-to-passphrase relationship.
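
Review bot: The --key_handle= description in the OPTIONS hunk gives the format as "<key type>:<key description>" but does not list the accepted key types or show one example handle, so a reader cannot tell what value to pass; add the valid types and a sample value next to that sentence. In the paragraph above OPTIONS, the blob name "nvdimm_<dimm unique id>_<hostname>.blob" in {ndctl_keysdir} is stated without saying whether an existing blob of the same name is replaced or kept; the man page should say which, since losing the old blob matters to anyone who still needs it.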