[PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys

Richard Weinberger richard at nod.at
Thu Apr 1 13:17:45 UTC 2021


----- Ursprüngliche Mail -----
> Von: "Sumit Garg" <sumit.garg at linaro.org>
> IIUC, this would require support for multiple trusted keys backends at
> runtime but currently the trusted keys subsystem only supports a
> single backend which is selected via kernel module parameter during
> boot.
> So the trusted keys framework needs to evolve to support multiple
> trust sources at runtime but I would like to understand the use-cases
> first. IMO, selecting the best trust source available on a platform
> for trusted keys should be a one time operation, so why do we need to
> have other backends available at runtime as well?

I thought about devices with a TPM-Chip and CAAM.
IMHO allowing only one backend at the same time is a little over simplified. 


More information about the Linux-security-module-archive mailing list