Richard Weinberger <richard.weinber...@gmail.com> wrote: > On Wed, Mar 17, 2021 at 3:08 PM Ahmad Fatoum <a.fat...@pengutronix.de> wrote: > > keyctl add trusted $KEYNAME "load $(cat ~/kmk.blob)" @s > > Is there a reason why we can't pass the desired backend name in the > trusted key parameters? > e.g. > keyctl add trusted $KEYNAME "backendtype caam load $(cat ~/kmk.blob)" @s
I wonder... Does it make sense to add a new variant of the add_key() and keyctl_instantiate() syscalls that takes an additional parameter string, separate from the payload blob? key_serial_t add_key2(const char *type, const char *description, const char *params, const void *payload, size_t plen, key_serial_t keyring); which could then by used, say: keyctl add --payload=~/kmk.blob trusted $KEYNAME "backendtype caam load" @s This would then appear in struct key_preparsed_payload { const char *orig_description; char *description; char *params; <--- union key_payload payload; const void *data; size_t datalen; size_t quotalen; time64_t expiry; }; params would then be NULL for add_key(). If add_key2() is not available, the --payload param gets concatenated to the parameters string. Might be too complicated, I guess. Though it might make sense just to do the concatenation inside the keyctl program. David