On Thu, 1 Apr 2021 at 19:29, Richard Weinberger <richard@xxxxxx> wrote:
>
> Sumit,
>
> ----- Original Message -----
> > From: "Sumit Garg" <sumit.garg@xxxxxxxxxx>
> > In this case why would one prefer to use CAAM when you have standards
> > compliant TPM-Chip which additionally offers sealing to specific PCR
> > (integrity measurement) values.
>
> I don't think we can dictate what good/sane solutions are and which are not.
> Both CAAM and TPM have pros and cons, I don't see why supporting both is a bad idea.

I didn't mean to say that supporting both is a bad idea but rather I
was looking for use-cases where one-time selection of the best trust
source (whether it be a TPM or TEE or CAAM etc.) for a platform
wouldn't suffice for user needs.

> >> > IMHO allowing only one backend at the same time is a little over simplified.
> >>
> >> It is, but I'd rather leave this until it's actually needed.
> >> What can be done now is adopting a format for the exported keys that would
> >> make this extension seamless in future.
> >>
> >
> > +1
>
> As long as we don't make multiple backends at runtime impossible I'm
> fine and will happily add support for it when needed. :-)
>

You are most welcome to add such support. I will be happy to review it.

-Sumit

> Thanks,
> //richard