Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()

From: Jarkko Sakkinen
Date: Fri Oct 04 2019 - 14:22:27 EST

Next message: Jerry Snitselaar: "Re: [PATCH v3 2/2] tpm: Detach page allocation from tpm_buf"
Previous message: Jarkko Sakkinen: "Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()"
In reply to: James Bottomley: "Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()"
Next in thread: James Bottomley: "Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 03, 2019 at 04:59:37PM -0700, James Bottomley wrote:
> I think the principle of using multiple RNG sources for strong keys is
> a sound one, so could I propose a compromise: We have a tpm subsystem
> random number generator that, when asked for <n> random bytes first
> extracts <n> bytes from the TPM RNG and places it into the kernel
> entropy pool and then asks for <n> random bytes from the kernel RNG?
> That way, it will always have the entropy to satisfy the request and in
> the worst case, where the kernel has picked up no other entropy sources
> at all it will be equivalent to what we have now (single entropy
> source) but usually it will be a much better mixed entropy source.

I think we should rely the existing architecture where TPM is
contributing to the entropy pool as hwrng.

/Jarkko

Next message: Jerry Snitselaar: "Re: [PATCH v3 2/2] tpm: Detach page allocation from tpm_buf"
Previous message: Jarkko Sakkinen: "Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()"
In reply to: James Bottomley: "Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()"
Next in thread: James Bottomley: "Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]