7 Oct
2019
7 Oct
'19
6:08 p.m.
On Mon, 2019-10-07 at 02:52 +0300, Jarkko Sakkinen wrote:
With TEE coming in, TPM is not the only hardware measure anymore sealing the keys and we don't want a mess where every hardware asset does their own proprietary key generation. The proprietary technology should only take care of the sealing part.
I'm fine with the concept of "trusted" keys being extended beyond just TPM. But just as the VFS layer defines a set of callbacks and generic functions, which can be used in lieu of file system specific callback functions, a similar approach could be used here.
Mimi