[PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys
a.fatoum at pengutronix.de
Wed Mar 24 09:26:14 UTC 2021
On 23.03.21 19:07, Mimi Zohar wrote:
> On Tue, 2021-03-23 at 17:35 +0100, Ahmad Fatoum wrote:
>> On 21.03.21 21:48, Horia Geantă wrote:
>>> caam has random number generation capabilities, so it's worth using that
>>> by implementing .get_random.
>> If the CAAM HWRNG is already seeding the kernel RNG, why not use the kernel's?
>> Makes for less code duplication IMO.
> Using kernel RNG, in general, for trusted keys has been discussed
> before. Please refer to Dave Safford's detailed explanation for not
> using it .
The argument seems to boil down to:
- TPM RNG are known to be of good quality
- Trusted keys always used it so far
Both are fine by me for TPMs, but the CAAM backend is new code and neither point
get_random_bytes_wait is already used for generating key material elsewhere.
Why shouldn't new trusted key backends be able to do the same thing?
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the Linux-security-module-archive