[Cc'ing James Bottomley]

On Sun, 2018-07-29 at 23:46 +0530, rishi gupta wrote:
> Hi Integrity team,
>
> IMA is working fine in our embedded linux product and now we are trying to
> implement EVM. Our system does not have TPM but have trustzone and crypto
> engine. My question is:
>
> 1. What is the standard practice to generate and load evm-key in systems
> that does not have TPM.

TPMs are really cheap. Convince your product group to include a TPM?

"encrypted" keys can be decrypted either by a "trusted" or a "user" type
key, but the latter is not considered safe and should be limited to test
environments.

Udit Agarwal recently suggested defining a new key type named "secure"
keys, but didn't explain what made them secure. The "secure" key type
was limited to CAAM.

> 2. Suppose we have an encrypted key which has been decrypted and loaded in
> kernel. Isn't it an attacker can analyse RAM and get the evm-key. Am I
> missing something here.

No, what you're saying is true. In a secure, locked down environment
analyzing kernel memory (should still) requires root privileges.

Mimi