On Thu, Jan 10, 2019 at 12:39:58AM +0800, joeyli wrote: > Hi Andy, > [...snip] > > Let's why I encrypt/decrypt data pages one by one, then I copy the ^^^^^^^ That's why
> encrypt/decrypt data from buffer page (only one buffer page reserved > for encrypt/decrypt) to original page. I encreypt pages one by one, but > I HMAC and verify the whole snapshot image by update mode. > [...snip] > > > Why are you manually supporting three different key types? Can’t you > > just somehow support all key types? And shouldn’t you be verifying > > I only supported two key typs in my patch set, user defined key and > TPM trusted key. The EFI secure boot did not accept by EFI subsystem. ^^^^^^^^^^^^^^^^^^^ EFI secure key https://lkml.org/lkml/2018/8/5/10 Sorry for I produced too many typo when feeling sleepy... Thanks a lot! Joey Lee