Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated

[Jarkko Sakkinen]

On Fri, 2019-08-02 at 15:23 -0500, Tyler Hicks wrote:
> That wasn't the conclusion that I came to. I prefer Robert's proposed
> change to trusted.ko.
> 
> How do you propose that this be fixed in eCryptfs?
> 
> Removing encrypted_key support from eCryptfs is the only way that I can
> see to fix the bug in eCryptfs. That support has been there since 2011.
> I'm not sure of the number of users that would be broken by removing
> encrypted_key support. I don't think the number is high but I can't say
> that confidently.

Looking at the documentation [1] it is stated that

"Encrypted keys do not depend on a TPM, and are faster, as they use AES
for encryption/decryption."

Why would you need to remove support for encrypted keys? Isn't it a
regression in encrypted keys to hard depend on trusted keys given
what the documentation says?

> Roberto, what was your use case when you added encrypted_key support to
> eCryptfs back then? Are you aware of any users of eCryptfs +
> encrypted_keys?
> 
> Jarkko, removing a long-standing feature is potentially more disruptive
> to users than adding a workaround to trusted.ko which already requires a
> similar workaround. I don't think that I agree with you on the proper
> fix here.

There is nothing to disagree or agree. I just try to get the picture
since ecryptfs is relatively alien to me.

[1] https://www.kernel.org/doc/html/v4.13/security/keys/trusted-encrypted.html

/Jarkko