[PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material
Jason A. Donenfeld
Jason at zx2c4.com
Tue May 17 18:20:49 UTC 2022
Hi Jarkko,
On Tue, May 17, 2022 at 09:10:57PM +0300, Jarkko Sakkinen wrote:
> On Tue, 2022-05-17 at 19:27 +0200, Jason A. Donenfeld wrote:
> > On Fri, May 13, 2022 at 04:57:00PM +0200, Ahmad Fatoum wrote:
> > > + trusted.rng= [KEYS]
> > > + Format: <string>
> > > + The RNG used to generate key material for trusted keys.
> > > + Can be one of:
> > > + - "kernel"
> > > + - the same value as trusted.source: "tpm" or "tee"
> > > + - "default"
> > > + If not specified, "default" is used. In this case,
> > > + the RNG's choice is left to each individual trust source.
> > > +
> >
> > As a general mechanism, I object to this. The kernel's RNG must be
> > trusted in the first place for key material. That's the whole point of
> > it.
>
> I would relax this a bit: kernel's RNG must be implicitly must be
Sorry, I didn't mean to seem unrelaxed. What I meant was that as a
general mechanism, it doesn't make sense, but it isn't a general
mechanism, it's a particular one for trusted_keys, which led me to
question why it seemed to have such a general name like "trusted.rng".
Ahmad pointed out that the trusted prefix actually isn't general. It's
what trusted_keys compiles its module as. So just a misunderstanding. It
appears to be a module param after all. Sorry for the noise!
Jason
More information about the Linux-security-module-archive
mailing list