On Thu, 1 Aug 2019 at 14:00, Janne Karhunen <janne.karhunen@xxxxxxxxx> wrote:
>
> On Thu, Aug 1, 2019 at 10:58 AM Sumit Garg <sumit.garg@xxxxxxxxxx> wrote:
>
> > > Anyway, just my .02c. I guess having any new support in the kernel for
> > > new trust sources is good and improvement from the current state. I
> > > can certainly make my stuff work with your setup as well, whatever
> > > people think is the best.
> >
> > Yes your implementation can very well fit under trusted keys
> > abstraction framework without creating a new keytype: "ext-trusted".
>
> The fundamental problem with the 'standardized kernel tee' still
> exists - it will never be generic in real life. Getting all this in
> the kernel will solve your problem and sell this particular product,
> but it is quite unlikely to help that many users. If the security is
> truly important to you, would you really trust any of this code to
> someone else? In this day and age, I really doubt many do.

There are already multiple platforms supported by OP-TEE [1] which
could benefit from this trusted keys interface.

> Everyone
> does their own thing, so this is why I really see all that as a
> userspace problem.
>

IMO, we should try to use standardized interfaces which are well
thought out rather than implementing your own.

[1] https://optee.readthedocs.io/general/platforms.html

-Sumit

>
> --
> Janne