[PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated

Mimi Zohar zohar at linux.ibm.com
Tue Jul 9 16:31:45 UTC 2019


On Tue, 2019-07-09 at 19:24 +0300, Jarkko Sakkinen wrote:
> On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> > Not a criticism of your patch, but can we please stop doing this. 
> > Single random number sources are horrendously bad practice because it
> > gives an attacker a single target to subvert.  We should ensure the TPM
> > is plugged into the kernel RNG as a source and then take randomness
> > from the mixed pool so it's harder for an attacker because they have to
> > subvert all our sources to predict what came out.
> 
> It is and I agree.

I still haven't quite figured out why the digests need to be
initialized to anything other than 0.

Mimi



More information about the Linux-security-module-archive mailing list