[PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Mimi Zohar
zohar at linux.ibm.com
Tue Jul 9 16:31:45 UTC 2019
On Tue, 2019-07-09 at 19:24 +0300, Jarkko Sakkinen wrote:
> On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> > Not a criticism of your patch, but can we please stop doing this.
> > Single random number sources are horrendously bad practice because it
> > gives an attacker a single target to subvert. We should ensure the TPM
> > is plugged into the kernel RNG as a source and then take randomness
> > from the mixed pool so it's harder for an attacker because they have to
> > subvert all our sources to predict what came out.
>
> It is and I agree.
I still haven't quite figured out why the digests need to be
initialized to anything other than 0.
Mimi
More information about the Linux-security-module-archive
mailing list