Hi Integrity team,
IMA is working fine in our embedded linux product and now we are trying to implement EVM. Our system does not have TPM but have trustzone and crypto engine. My question is:
1. What is the standard practice to generate and load evm-key in systems that does not have TPM.
2. Suppose we have an encrypted key which has been decrypted and loaded in kernel. Isn't it an attacker can analyse RAM and get the evm-key. Am I missing something here.
Regards,
Rishi
