[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <CUOY5SZYGRV4.1FN39XMJ2I3VP@wks-101042-mac.ad.tuni.fi>
Date: Thu, 10 Aug 2023 17:50:10 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Dan Williams" <dan.j.williams@...el.com>,
"James Bottomley" <James.Bottomley@...senpartnership.com>,
<dhowells@...hat.com>
Cc: "Brijesh Singh" <brijesh.singh@....com>,
"Kuppuswamy Sathyanarayanan"
<sathyanarayanan.kuppuswamy@...ux.intel.com>,
"Peter Zijlstra" <peterz@...radead.org>,
"Tom Lendacky" <thomas.lendacky@....com>,
"Dionna Amalie Glaze" <dionnaglaze@...gle.com>,
"Borislav Petkov" <bp@...en8.de>,
"Samuel Ortiz" <sameo@...osinc.com>,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
"Andrew Morton" <akpm@...ux-foundation.org>,
<linux-coco@...ts.linux.dev>, <keyrings@...r.kernel.org>,
<x86@...nel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 0/4] keys: Introduce a keys frontend for attestation
reports
On Tue Aug 8, 2023 at 2:33 AM EEST, Dan Williams wrote:
> James Bottomley wrote:
> > On Fri, 2023-08-04 at 19:37 -0700, Dan Williams wrote:
> > > James Bottomley wrote:
> > > [..]
> > > > > This report interface on the other hand just needs a single ABI
> > > > > to retrieve all these vendor formats (until industry
> > > > > standardization steps in) and it needs to be flexible (within
> > > > > reason) for all the TSM-specific options to be conveyed. I do not
> > > > > trust my ioctl ABI minefield avoidance skills to get that right.
> > > > > Key blob instantiation feels up to the task.
> > > >
> > > > To repeat: there's nothing keylike about it.
> > >
> > > From that perspective there's nothing keylike about user-keys either.
> >
> > Whataboutism may be popular in politics at the moment, but it shouldn't
> > be a justification for API abuse: Just because you might be able to
> > argue something else is an abuse of an API doesn't give you the right
> > to abuse it further.
>
> That appears to be the disagreement, that the "user" key type is an
> abuse of the keyctl subsystem. Is that the general consensus that it was
> added as a mistake that is not be repeated?
>
> Otherwise there is significant amount of thought that has gone into
> keyctl including quotas, permissions, and instantiation flows.
I would focus on just fixing known obvious issues in the patch set and
improve the description what it does.
This looks like a discussion where the patch set is not advertised in
a way that it is understandable, not necessarily that it is all wrong.
E.g. why not name the key type as attestation key or something more
intuitive rather than three letter acronym?
I don't think this will converge to anything with argumentation in the
current state of where we are right now.
BR, Jarkko
Powered by blists - more mailing lists