On Mon, 2019-10-07 at 02:52 +0300, Jarkko Sakkinen wrote: > > With TEE coming in, TPM is not the only hardware measure anymore sealing > the keys and we don't want a mess where every hardware asset does their > own proprietary key generation. The proprietary technology should only > take care of the sealing part. I'm fine with the concept of "trusted" keys being extended beyond just TPM. But just as the VFS layer defines a set of callbacks and generic functions, which can be used in lieu of file system specific callback functions, a similar approach could be used here. Mimi
