Re: [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material

[Jason A. Donenfeld]

Hi Jarkko,


On Tue, May 17, 2022 at 09:10:57PM +0300, Jarkko Sakkinen wrote:
> On Tue, 2022-05-17 at 19:27 +0200, Jason A. Donenfeld wrote:
> > On Fri, May 13, 2022 at 04:57:00PM +0200, Ahmad Fatoum wrote:
> > > +       trusted.rng=    [KEYS]
> > > +                       Format: <string>
> > > +                       The RNG used to generate key material for trusted keys.
> > > +                       Can be one of:
> > > +                       - "kernel"
> > > +                       - the same value as trusted.source: "tpm" or "tee"
> > > +                       - "default"
> > > +                       If not specified, "default" is used. In this case,
> > > +                       the RNG's choice is left to each individual trust source.
> > > +
> > 
> > As a general mechanism, I object to this. The kernel's RNG must be
> > trusted in the first place for key material. That's the whole point of
> > it.
> 
> I would relax this  a bit: kernel's RNG must be implicitly must be

Sorry, I didn't mean to seem unrelaxed. What I meant was that as a
general mechanism, it doesn't make sense, but it isn't a general
mechanism, it's a particular one for trusted_keys, which led me to
question why it seemed to have such a general name like "trusted.rng".
Ahmad pointed out that the trusted prefix actually isn't general. It's
what trusted_keys compiles its module as. So just a misunderstanding. It
appears to be a module param after all. Sorry for the noise!

Jason