TPMs and random numbers

From: H. Peter Anvin
Date: Mon Sep 09 2013 - 17:12:46 EST

Next message: Stephen Warren: "Re: [PATCHv3 1/2] ARM: msm: Add support for APQ8074 Dragonboard"
Previous message: Daniel Santos: "Re: "Virtual" Interrupts -- Need help please"
Next in thread: Andy Lutomirski: "Re: TPMs and random numbers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It recently came to my attention that there are no standards whatsoever
for random number generated by TPMs. In fact, there *are* TPMs where
random numbers are generated by an encrypted nonvolatile counter (I do
not know which ones); this is apparently considered acceptable for the
uses of random numbers that TPMs produce.

There are two issues with this from a Linux point of view. One, we
harvest supposed entropy from the TPM for /dev/*random use via
/dev/hwrng and rngd. This was something I originally proposed because
on a lot of platforms it is the only available entropy source with any
significant bandwidth. However, in light of the above it is
questionable at best, at least with entropy being credited.

The other issue is that we use tpm_get_random() *directly* in
security/keys/trusted.c.

I don't know what the policy ought to be, but I suspect we should ask
the question.

-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Warren: "Re: [PATCHv3 1/2] ARM: msm: Add support for APQ8074 Dragonboard"
Previous message: Daniel Santos: "Re: "Virtual" Interrupts -- Need help please"
Next in thread: Andy Lutomirski: "Re: TPMs and random numbers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]