[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <717795270.139671.1617274418087.JavaMail.zimbra@nod.at>
Date: Thu, 1 Apr 2021 12:53:38 +0200 (CEST)
From: Richard Weinberger <richard@....at>
To: Ahmad Fatoum <a.fatoum@...gutronix.de>
Cc: Jarkko Sakkinen <jarkko@...nel.org>,
horia geanta <horia.geanta@....com>,
Mimi Zohar <zohar@...ux.ibm.com>,
aymen sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
davem <davem@...emloft.net>,
James Bottomley <jejb@...ux.ibm.com>,
kernel <kernel@...gutronix.de>,
David Howells <dhowells@...hat.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Steffen Trumtrar <s.trumtrar@...gutronix.de>,
Udit Agarwal <udit.agarwal@....com>,
Jan Luebbe <j.luebbe@...gutronix.de>,
david <david@...ma-star.at>,
Franck Lenormand <franck.lenormand@....com>,
Sumit Garg <sumit.garg@...aro.org>,
linux-integrity <linux-integrity@...r.kernel.org>,
"open list, ASYMMETRIC KEYS" <keyrings@...r.kernel.org>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>,
LSM <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP
CAAM-based trusted keys
Ahmad,
----- Ursprüngliche Mail -----
> Do you mean systemd-cryptsetup? It looks to me like it's just a way to supply
> the keyphrase. With trusted keys and a keyphrase unknown to userspace, this
> won't work.
Nah, I meant existing scripts/service Files.
> I don't (yet) see the utility of it without LUKS. Perhaps a command dump on how
> to do the same I did with dmsetup, but with cryptsetup plain instead could
> help me to see the benefits?
My reasoning is simple, why do I need a different tool when there is already one
that could do the task too?
Usually the systems I get my hands on use already dm-crypt with cryptsetup in some way.
So I have the tooling already in my initramfs, etc.. and need to adopt the callers of cryptsetup a little.
If I need all of a sudden different/additional tooling, it means more work, more docs to write,
more hassle with crypto/system reviewers, etc...
I don't want you to force to use cryptsetup.
The only goal was pointing out that it can be done with cryptsetup and that there
is already code such that no work is done twice.
One the kernel side it does not matter.
Thanks,
//richard
Powered by blists - more mailing lists