Dave Jiang <[email protected]> wrote:

> In order to do this, I would need to do a key_add() in userspace to add

Well, add_key().

> a new key with the new payload before I can initiate update correct? So
> for an update it would look something like:
> 1. (user) add key with new payload
> 2. (user) lookup old key

You don't technically need the old key - just a key with the old password in
it.  It doesn't need to have any useful description since you're providing it
directly.

> 3. (user) write to sysfs update attrib: "update:<old id>:<new id>"
> 4. (kernel) check old_id against cached key and make sure they match
> 5. (kernel) check new key desc against old key and make sure they match
> 6. (kernel) update to hardware
> 6. (kernel) when success, link the new key to the kernel keyring and
> it'll replace the old key?

Yep - provided it has the same description.  A keyring can only keep one key
of any {type, description} at any one time.  Adding a second will displace the
first.

David
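
Added example, not part of the original message or of any kernel patch: a small C program that shows the displacement rule described above by linking a second key with the same {type, description} into a keyring and searching for it. The "user" key type, the description "demo:dimm0", the keyring names and the payloads are constructed for illustration; the thread does not specify them.

```c
#define _GNU_SOURCE
#include <linux/keyctl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed sample values; the thread names no key type or description. */
#define DEMO_TYPE "user"
#define DEMO_DESC "demo:dimm0"

static long new_key(const char *type, const char *desc,
                    const void *payload, size_t len, long ring)
{
    return syscall(SYS_add_key, type, desc, payload, len, ring);
}

/* Returns 1 if linking the new key displaced the old one, 0 if it did not,
 * -1 if the keyring syscalls are unavailable (for example blocked by seccomp). */
int displaced_by_link(void)
{
    /* Two scratch keyrings: add_key() into a keyring that already holds a
     * matching key would update that key instead of creating a second one. */
    long live  = new_key("keyring", "demo-live",  NULL, 0, KEY_SPEC_PROCESS_KEYRING);
    long stage = new_key("keyring", "demo-stage", NULL, 0, KEY_SPEC_PROCESS_KEYRING);
    if (live < 0 || stage < 0)
        return -1;

    long old_id = new_key(DEMO_TYPE, DEMO_DESC, "old-pass", 8, live);
    long new_id = new_key(DEMO_TYPE, DEMO_DESC, "new-pass", 8, stage);
    if (old_id < 0 || new_id < 0)
        return -1;

    /* Last step of the quoted flow: link the new key where the old one lives. */
    if (syscall(SYS_keyctl, (long)KEYCTL_LINK, new_id, live) < 0)
        return -1;

    /* A search by {type, description} must now resolve to the new key only. */
    long found = syscall(SYS_keyctl, (long)KEYCTL_SEARCH, live,
                         DEMO_TYPE, DEMO_DESC, 0L);
    return found == new_id && found != old_id;
}

int main(void)
{
    printf("displaced: %d\n", displaced_by_link());
    return 0;
}
```

Both scratch keyrings hang off the process keyring, so they disappear when the program exits.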