Thread: 71 messages, 13 authors, 2021-04-02

Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

From: Sumit Garg <hidden>
Date: 2021-04-01 18:10:52
Also in: keyrings, linux-integrity, linux-security-module, lkml

On Thu, 1 Apr 2021 at 19:29, Richard Weinberger [off-list ref] wrote:
Sumit,

----- Original Message -----
From: "Sumit Garg" [off-list ref]
In this case why would one prefer to use CAAM when you have standards
compliant TPM-Chip which additionally offers sealing to specific PCR
(integrity measurement) values.
I don't think we can dictate what good/sane solutions are and which are not.
Both CAAM and TPM have pros and cons, I don't see why supporting both is a bad idea.
I didn't mean to say that supporting both is a bad idea but rather I
was looking for use-cases where one time selection of the best trust
source (whether it be a TPM or TEE or CAAM etc.) for a platform
wouldn't suffice for user needs.
IMHO allowing only one backend at the same time is a little oversimplified.
It is, but I'd rather leave this until it's actually needed.
What can be done now is adopting a format for the exported keys that would
make this extension seamless in future.
+1
As long as we don't make multiple backends at runtime impossible I'm
fine and will happily add support for it when needed. :-)
You are most welcome to add such support. I will be happy to review it.

-Sumit
Thanks,
//richard