lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 12 Jul 2019 10:43:38 +0530
From:   Sumit Garg <sumit.garg@...aro.org>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc:     keyrings@...r.kernel.org, linux-integrity@...r.kernel.org,
        "open list:HARDWARE RANDOM NUMBER GENERATOR CORE" 
        <linux-crypto@...r.kernel.org>,
        linux-security-module@...r.kernel.org, dhowells@...hat.com,
        Herbert Xu <herbert@...dor.apana.org.au>, davem@...emloft.net,
        jejb@...ux.ibm.com, Mimi Zohar <zohar@...ux.ibm.com>,
        jmorris@...ei.org, serge@...lyn.com,
        Casey Schaufler <casey@...aufler-ca.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Daniel Thompson <daniel.thompson@...aro.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        tee-dev@...ts.linaro.org
Subject: Re: [RFC/RFT] KEYS: trusted: Add generic trusted keys framework

On Fri, 12 Jul 2019 at 00:52, Jarkko Sakkinen
<jarkko.sakkinen@...ux.intel.com> wrote:
>
> On Fri, Jul 05, 2019 at 08:02:34PM +0530, Sumit Garg wrote:
> > Current trusted keys framework is tightly coupled to use TPM device as
> > an underlying implementation which makes it difficult for implementations
> > like Trusted Execution Environment (TEE) etc. to provide trusked keys
> > support in case platform doesn't posses a TPM device.
> >
> > So this patch tries to add generic trusted keys framework where underlying
> > implemtations like TPM, TEE etc. could be easily plugged-in.
> >
> > Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
>
> 1. Needs to be somehow dissected into digestable/reviewable pieces.

Sure, will try to split this patch in next version.

> 2. As a precursory step probably would make sense to move all
>    existing trusted keys code into one subsystem first.

Okay.

-Sumit

>
> /Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ