Re: [PATCH 3/4] crypto: caam - add in-kernel interface for blob generator

From: David Gstir
Date: Wed Aug 11 2021 - 06:43:14 EST


Hi Ahmad,

> On 11.08.2021, at 12:22, Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> wrote:
>
>> Since you already assert that MAX_BLOB_SIZE <= CAAM_BLOB_MAX_LEN
>> in security/keys/trusted-keys/trusted_caam.c, this will never
>> be an issue for CAAM-based trusted-keys though.
> I omitted checks in code, which are verified at compile-time.
> Would you prefer a runtime check to be added as well?

I’d say the compile-time check suffices, unless this is intended
to be used outside of trusted-keys. But I don’t think this is very likely…

Cheers,
David