From: Yves-Alexis Perez
Date: Wed, 24 Aug 2011 09:58:34 +0200
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] unlocking dm-crypt from grub - kernel in crypted volume
Message-ID: <1314172715.31328.1.camel@oban>
In-Reply-To: <4E54AD6B.3070300@redhat.com>

On Wed, 2011-08-24 at 09:51 +0200, Milan Broz wrote:
> But I would like to add here concept of "passphrase handle"
> IOW userspace will just hand over handle (id)
> to some other subsystem where the key is stored
> (Could be kernel keyring, some token, whatever).

And the kernel recently gained support for TRUSTED_KEYS for storing
stuff sealed in a TPM.

Regards,
--
Yves-Alexis