Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sumit,

----- Ursprüngliche Mail -----
> Von: "Sumit Garg" <sumit.garg@xxxxxxxxxx>
> In this case why would one prefer to use CAAM when you have standards
> compliant TPM-Chip which additionally offers sealing to specific PCR
> (integrity measurement) values.

I don't think we can dictate what good/sane solutions are and which are not.
Both CAAM and TPM have pros and cons, I don't see why supporting both is a bad idea.

>> > IMHO allowing only one backend at the same time is a little over simplified.
>>
>> It is, but I'd rather leave this until it's actually needed.
>> What can be done now is adopting a format for the exported keys that would
>> make this extension seamless in future.
>>
> 
> +1

As long we don't make multiple backends at runtime impossible I'm
fine and will happily add support for it when needed. :-)

Thanks,
//richard



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux