From: Marek Vasut <marex@denx.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Jay Monkman <jay.monkman@freescale.com>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: Crypto driver -DCP
Date: Mon, 8 Jun 2015 10:45:53 +0200 [thread overview]
Message-ID: <201506081045.53449.marex@denx.de> (raw)
In-Reply-To: <20150608045200.GA25459@gondor.apana.org.au>
On Monday, June 08, 2015 at 06:52:00 AM, Herbert Xu wrote:
> On Fri, Jun 05, 2015 at 04:38:03PM +0200, Marek Vasut wrote:
> > In general, it would probably make sense to add a flag to .setkey() to
> > store the key in a keyslot. The keyslot allocation would be up to the
> > driver. In case all keyslots would be full, the setkey() with the flag
> > set would simply fail. This would imply you would need to have a
> > counterpart function to .setkey() to free keyslots -- something like
> > .unsetkey() .
>
> Changing setkey is going to cause too much churn. In any case
> I don't think these key slots should be written to by the kernel
> since the intention appears to be for entites outside the kernel
> to place secret keys in there that can then be used but not read
> by the kernel.
You mean like bootloader or you mean userspace code ? Maybe Jay
can explain how these slots are intended to be used. I'd like to
know the expected usecase.
> So as far as the kernel is concerned these are constant keys.
>
> Therefore there should be no need for unsetkey.
>
> So perhaps just add a new call setkey_slot that is optional and
> only needs to be implemented by drivers such as ccp.
Might work as well ... but let's maybe wait for the usecase.
Best regards,
Marek Vasut
prev parent reply other threads:[~2015-06-08 8:45 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <554BBD05.3050807@freescale.com>
[not found] ` <201505080220.56630.marex@denx.de>
[not found] ` <55673BF4.3040108@freescale.com>
2015-05-28 18:27 ` Crypto driver -DCP Marek Vasut
[not found] ` <20150529003700.GC14942@gondor.apana.org.au>
2015-05-29 0:40 ` Marek Vasut
2015-05-29 0:45 ` Herbert Xu
2015-05-29 1:00 ` Marek Vasut
2015-05-29 1:23 ` Herbert Xu
2015-05-29 1:29 ` Marek Vasut
2015-05-29 1:32 ` Herbert Xu
2015-05-29 13:02 ` Marek Vasut
2015-05-29 13:30 ` Herbert Xu
2015-06-01 13:24 ` Marek Vasut
2015-06-01 14:50 ` Herbert Xu
2015-06-03 12:54 ` Marek Vasut
2015-06-02 18:57 ` Jay Monkman
2015-06-03 2:11 ` Herbert Xu
2015-06-03 20:02 ` Jay Monkman
2015-06-04 3:24 ` Herbert Xu
2015-06-04 15:34 ` Marek Vasut
2015-06-05 3:54 ` Herbert Xu
2015-06-05 14:38 ` Marek Vasut
2015-06-08 4:52 ` Herbert Xu
2015-06-08 8:45 ` Marek Vasut [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201506081045.53449.marex@denx.de \
--to=marex@denx.de \
--cc=herbert@gondor.apana.org.au \
--cc=jay.monkman@freescale.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.