I would like to have a discussion about provisioning. Right now, it seems that the only way we specify a device identifying itself is by giving its public key, which would require that every device to be provisioned be entered into some kind of database before it could be known.
Instead I'd like to propose that we have a way of storing and retrieving an X.509 certificate, which would have that public key in it, along with a signature chain that could be used to indicate that this device is trusted. This is commonly done in deployed devices, and we might as well add this functionality now.
David
On Tue, Oct 8, 2019 at 5:00 PM Abhishek Pandit via TSC < tsc@lists.trustedfirmware.org> wrote:
Hi All,
Any agenda items for the meeting this week?
Thanks,
Abhishek
TSC mailing list TSC@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tsc
Thanks David. This is the only agenda item at present so I guess it will be a shorter meeting.
From: David Brown david.brown@linaro.org Sent: 09 October 2019 19:00 To: Abhishek Pandit Abhishek.Pandit@arm.com Cc: tsc@lists.trustedfirmware.org Subject: Re: [TF-TSC] TSC Agenda 10 Oct 2019
I would like to have a discussion about provisioning. Right now, it seems that the only way we specify a device identifying itself is by giving its public key, which would require that every device to be provisioned be entered into some kind of database before it could be known.
Instead I'd like to propose that we have a way of storing and retrieving an X.509 certificate, which would have that public key in it, along with a signature chain that could be used to indicate that this device is trusted. This is commonly done in deployed devices, and we might as well add this functionality now.
David
On Tue, Oct 8, 2019 at 5:00 PM Abhishek Pandit via TSC <tsc@lists.trustedfirmware.orgmailto:tsc@lists.trustedfirmware.org> wrote: Hi All,
Any agenda items for the meeting this week?
Thanks, Abhishek -- TSC mailing list TSC@lists.trustedfirmware.orgmailto:TSC@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tsc
-
Abhishek Pandit -
David Brown