[PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Richard Weinberger richard at nod.at
Thu Apr 1 13:59:26 UTC 2021


----- Ursprüngliche Mail -----
> Von: "Sumit Garg" <sumit.garg at linaro.org>
> In this case why would one prefer to use CAAM when you have standards
> compliant TPM-Chip which additionally offers sealing to specific PCR
> (integrity measurement) values.

I don't think we can dictate what good/sane solutions are and which are not.
Both CAAM and TPM have pros and cons, I don't see why supporting both is a bad idea.

>> > IMHO allowing only one backend at the same time is a little over simplified.
>> It is, but I'd rather leave this until it's actually needed.
>> What can be done now is adopting a format for the exported keys that would
>> make this extension seamless in future.
> +1

As long we don't make multiple backends at runtime impossible I'm
fine and will happily add support for it when needed. :-)


More information about the Linux-security-module-archive mailing list