[Tee-dev] [RFC v2 0/6] Introduce TEE based Trusted Keys support
Janne Karhunen
janne.karhunen at gmail.com
Thu Aug 1 08:30:05 UTC 2019
On Thu, Aug 1, 2019 at 10:58 AM Sumit Garg <sumit.garg at linaro.org> wrote:
> > Anyway, just my .02c. I guess having any new support in the kernel for
> > new trust sources is good and improvement from the current state. I
> > can certainly make my stuff work with your setup as well, what ever
> > people think is the best.
>
> Yes your implementation can very well fit under trusted keys
> abstraction framework without creating a new keytype: "ext-trusted".
The fundamental problem with the 'standardized kernel tee' still
exists - it will never be generic in real life. Getting all this in
the kernel will solve your problem and sell this particular product,
but it is quite unlikely to help that many users. If the security is
truly important to you, would you really trust any of this code to
someone else? In this day and age, I really doubt many do. Everyone
does their own thing, so this is why I really see all that as a
userspace problem.
--
Janne
More information about the Linux-security-module-archive
mailing list