[PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated

[Jarkko Sakkinen]

On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> Not a criticism of your patch, but can we please stop doing this. 
> Single random number sources are horrendously bad practice because it
> gives an attacker a single target to subvert.  We should ensure the TPM
> is plugged into the kernel RNG as a source and then take randomness
> from the mixed pool so it's harder for an attacker because they have to
> subvert all our sources to predict what came out.

It is and I agree.

/Jarkko