Re: [PATCH v2 1/2] security/keys/secure_key: Adds the secure key support based on CAAM.

From: Mimi Zohar
Date: Fri Aug 03 2018 - 11:23:59 EST

Next message: Peter Zijlstra: "Re: [PATCH 0/2] x86/intel_rdt and perf/x86: Fix lack of coordination with perf"
Previous message: Theodore Y. Ts'o: "Re: [dm-devel] LVM snapshot broke between 4.14 and 4.16"
In reply to: David Howells: "Re: [PATCH v2 1/2] security/keys/secure_key: Adds the secure key support based on CAAM."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2018-08-03 at 15:55 +0100, David Howells wrote:
> Mimi Zohar <zohar@xxxxxxxxxxxxx> wrote:
>
> > "trusted" keys are currently being used to decrypt other keys (eg.
> > encrypted, ecryptfs, ...).
>
> Can it decrypt both symmetric and asymmetric keys?

Yes, the "trusted" key is returned to the caller and is used to
decrypt a datablob.

For an example, refer toÂencrypted_key_decrypt(). ÂThe call
toÂrequest_master_key() returns either the "trusted" or "user" type
key, which is used to decrypt the "enccrypted" key type.

Mimi

Next message: Peter Zijlstra: "Re: [PATCH 0/2] x86/intel_rdt and perf/x86: Fix lack of coordination with perf"
Previous message: Theodore Y. Ts'o: "Re: [dm-devel] LVM snapshot broke between 4.14 and 4.16"
In reply to: David Howells: "Re: [PATCH v2 1/2] security/keys/secure_key: Adds the secure key support based on CAAM."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]