On Wed, Jul 31, 2019 at 5:23 PM Sumit Garg <sumit.garg@xxxxxxxxxx> wrote: > > I guess my wording was wrong, tried to say that physical TEEs in the > > wild vary massively hardware wise. Generalizing these things is rough. > > > > There are already well defined GlobalPlatform Standards to generalize > the TEE interface. One of them is GlobalPlatform TEE Client API [1] > which provides the basis for this TEE interface. I'm aware of it - I have implemented a large part of the GP TEE APIs earlier (primarily the crypto functions). Does the TEE you work with actually support GP properly? Can I take a look at the code? Normally the TEE implementations are well-guarded secrets and the state of the implementation is quite random. In many cases keeping things secret is fine from my point of view, given that it is a RoT after all. The secrecy is the core business here. So, this is why I opted the userspace 'secret' route - no secrets in the kernel, but it's fine for the userspace. Umh was a logical fit to implement it. -- Janne