On Thu, Apr 01, 2021 at 12:11:32PM +1100, Herbert Xu wrote: > On Wed, Mar 31, 2021 at 04:34:29PM -0700, Eric Biggers wrote: > > On Thu, Apr 01, 2021 at 02:31:46AM +0300, Jarkko Sakkinen wrote: > > > > > > It's a bummer but uapi is the god in the end. Since TPM does not do it > > > today, that behaviour must be supported forever. That's why a boot option > > > AND a warning would be the best compromise. > > > > It's not UAPI if there is no way for userspace to tell if it changed. > > Exactly. UAPI is only an issue if something *breaks*.
If there's even one user that comes shouting that he has a user space configuration, where e.g. rng entropy is consumed constantly and the code assumes that trusted keys does not add to that, then something would break. It would be a crap user space yes, but I don't want to go on reverting because of that. I think there is small but still existing chance that something could break. Why not just add a boot parameter instead of making brutal enforcing changes, indirectly visible to the user space? /Jarkko