Sumit, ----- Ursprüngliche Mail ----- > Von: "Sumit Garg" <sumit.g...@linaro.org> > IIUC, this would require support for multiple trusted keys backends at > runtime but currently the trusted keys subsystem only supports a > single backend which is selected via kernel module parameter during > boot. > > So the trusted keys framework needs to evolve to support multiple > trust sources at runtime but I would like to understand the use-cases > first. IMO, selecting the best trust source available on a platform > for trusted keys should be a one time operation, so why do we need to > have other backends available at runtime as well?
I thought about devices with a TPM-Chip and CAAM. IMHO allowing only one backend at the same time is a little over simplified. Thanks, //richard