On Thu, 13 Jun 2019 at 21:02, Jarkko Sakkinen
[off-list ref] wrote:

On Thu, Jun 13, 2019 at 04:00:30PM +0530, Sumit Garg wrote:

quoted

Add support for TEE based trusted keys where TEE provides the functionality
to seal and unseal trusted keys using hardware unique key.

Refer to Documentation/tee.txt for detailed information about TEE.

Approach taken in this patch acts as an alternative to a TPM device in case
platform doesn't possess one.

Signed-off-by: Sumit Garg <redacted>

How does this interact with the trusted module? Why there is no update
to security/keys/trusted-encrypted.txt?

You already found documentation patch [1].

Somehow the existing trusted module needs to be re-architected to work
with either. Otherwise, this will turn out to be a mess.

See my reply on this patch [1].

[1] [RFC 6/7] doc: keys: Document usage of TEE based Trusted Keys

-Sumit

/Jarkko