From: David W. <dw...@in...> - 2016-06-15 19:04:10

On Wed, 2016-06-15 at 15:24 +0200, Anders Rundgren wrote:
>
> Since Intel have firmware in their CPUs it seems that Intel is the
> party that should enable this capability...

Intel has SGX, which theoretically allows you to do basically the same thing as I described to Peter, purely in a software enclave. You could just store your keys in a PKCS#11 token and your keys would be magically bound to the hardware to prevent copying them, in exactly the same way.

If only there was someone from Intel who was interested in that use case.

Of course, even while they were tilting at windmills internally to fix the SGX signing model and make it possible to ship open source code to use such an enclave in a PKCS#11 token, they'd probably have their work cut out making PKCS#11 a first-class citizen in the open source world so that it's *feasible* to just use a key from PKCS#11 instead of a filename, for various applications and crypto libraries.

https://fedoraproject.org/wiki/PackageMaintainers/PKCS11
https://bugzilla.gnome.org/show_bug.cgi?id=679860
https://bugzilla.gnome.org/show_bug.cgi?id=719982

...etc...

--
dwmw2
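The message above argues that applications should be able to take a key from PKCS#11 wherever they take a filename today. As an added illustration (not code from this thread, nor from any project or library it mentions), the Python below does the first step an application needs for that: it tells an RFC 7512 `pkcs11:` URI apart from a plain key file path and parses the URI into its path attributes (`token`, `object`, `type`, `id`, ...) and query attributes (`module-path`, `pin-source`, ...). The token name, object label, module path and PIN source in the sample are constructed values; vendor-specific attributes are rejected here as a simplification, and the binary `id` attribute is returned as bytes.

```python
"""Accept either a key file path or an RFC 7512 PKCS#11 URI.

Added example: a strict parser for the pkcs11: URI form, so that a
configuration value like "pkcs11:token=...;object=...;type=private"
can be used where a filename used to be expected.
"""
from urllib.parse import unquote, unquote_to_bytes

# Path attributes (before "?") and query attributes (after "?") per RFC 7512.
PATH_ATTRS = {
    "token", "manufacturer", "serial", "model",
    "library-manufacturer", "library-description", "library-version",
    "object", "type", "id",
    "slot-manufacturer", "slot-description", "slot-id",
}
QUERY_ATTRS = {"pin-source", "pin-value", "module-name", "module-path"}
OBJECT_TYPES = {"public", "private", "cert", "secret-key", "data"}


def _split_attrs(section, sep, allowed):
    """Split "name=value" pairs on sep, percent-decode values afterwards.

    Decoding after splitting is what keeps an encoded ";" or "&" inside a
    label (e.g. object=a%3Bb) from being mistaken for a separator.
    Duplicate attribute names are an error; vendor-specific names are not
    accepted (simplification for this example).
    """
    attrs = {}
    if not section:
        return attrs
    for item in section.split(sep):
        if "=" not in item:
            raise ValueError(f"malformed attribute {item!r}")
        name, value = item.split("=", 1)
        if name not in allowed:
            raise ValueError(f"unknown or misplaced attribute {name!r}")
        if name in attrs:
            raise ValueError(f"duplicate attribute {name!r}")
        # "id" is a CKA_ID byte string, everything else is text.
        attrs[name] = unquote_to_bytes(value) if name == "id" else unquote(value)
    return attrs


def parse_key_reference(ref):
    """Return {"kind": "file", "path": ...} or
    {"kind": "pkcs11", "path": {...}, "query": {...}}."""
    if ref[:7].lower() != "pkcs11:":
        # Anything without the scheme is treated as an ordinary key file.
        return {"kind": "file", "path": ref}
    body = ref[7:]
    path_part, _, query_part = body.partition("?")
    path = _split_attrs(path_part, ";", PATH_ATTRS)
    query = _split_attrs(query_part, "&", QUERY_ATTRS)
    if "type" in path and path["type"] not in OBJECT_TYPES:
        raise ValueError(f"unknown object type {path['type']!r}")
    return {"kind": "pkcs11", "path": path, "query": query}


if __name__ == "__main__":
    # Constructed sample values: token label, object label, id, module path.
    for ref in (
        "/etc/ssl/private/server.key",
        "pkcs11:token=My%20Token;object=server-key;type=private;id=%01%02"
        "?module-path=/usr/lib/softhsm/libsofthsm2.so&pin-source=file:/run/pin",
    ):
        print(parse_key_reference(ref))
```

Once the reference is parsed, the application can open the module named by `module-path`, select the token matching the path attributes and look the object up by label or id, instead of reading key material from disk; the point is that the key never has to exist as a file for the program to use it.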