Re: [PATCH v1 0/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
From: Richard Weinberger
Date: Thu Apr 01 2021 - 13:42:23 EST
Sumit,
----- Ursprüngliche Mail -----
> Von: "Sumit Garg" <sumit.garg@xxxxxxxxxx>
> In this case why would one prefer to use CAAM when you have standards
> compliant TPM-Chip which additionally offers sealing to specific PCR
> (integrity measurement) values.
I don't think we can dictate what good/sane solutions are and which are not.
Both CAAM and TPM have pros and cons, I don't see why supporting both is a bad idea.
>> > IMHO allowing only one backend at the same time is a little over simplified.
>>
>> It is, but I'd rather leave this until it's actually needed.
>> What can be done now is adopting a format for the exported keys that would
>> make this extension seamless in future.
>>
>
> +1
As long we don't make multiple backends at runtime impossible I'm
fine and will happily add support for it when needed. :-)
Thanks,
//richard