On Thu, 14 May 2020 at 05:55, Jarkko Sakkinen
[off-list ref] wrote:

On Wed, 2020-05-06 at 15:10 +0530, Sumit Garg wrote:

quoted

Current trusted keys framework is tightly coupled to use TPM device as
an underlying implementation which makes it difficult for implementations
like Trusted Execution Environment (TEE) etc. to provide trusked keys
support in case platform doesn't posses a TPM device.

So this patch tries to add generic trusted keys framework where underlying
implemtations like TPM, TEE etc. could be easily plugged-in.

Suggested-by: Jarkko Sakkinen <redacted>
Signed-off-by: Sumit Garg <redacted>

I tend to agree how this is implemented and could merge it as such.

I'm just thinking if we could refine this patch in a way that instead of
copying TRUSTED_DEBUG macro we could just replace pr_info() statements
with pr_debug()?

AFAIU, TRUSTED_DEBUG being a security sensitive operation is only
meant to be used in development environments and should be strictly
disabled in production environments. But it may not always be true
with pr_debug() with CONFIG_DYNAMIC_DEBUG=y which allows the debug
paths to be compiled into the kernel which can be enabled/disabled at
runtime.

IMO we should keep this TRUSTED_DEBUG macro, so that users are aware
of its security sensitive nature and need to explicitly enable it to
debug.

-Sumit

/Jarkko