[PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material

Ahmad Fatoum a.fatoum at pengutronix.de
Wed May 18 04:31:33 UTC 2022


Hello Mimi,

On 17.05.22 21:49, Mimi Zohar wrote:
> On Tue, 2022-05-17 at 20:30 +0200, Jason A. Donenfeld wrote:
>> Hi Mimi,
>>
>> On Tue, May 17, 2022 at 02:21:08PM -0400, Mimi Zohar wrote:
>>> On Tue, 2022-05-17 at 19:38 +0200, Jason A. Donenfeld wrote:
>> Apologies in advance if I've missed the mark here; I'm not very familiar
>> with this thread or what it's driving at. If the simple question was
>> just "is get_random_bytes_wait() good to use?" the answer is just "yes"
>> and I can disappear and stop confusing things. :)
> 
> My apologies for your having been brought into this discussion without
> having properly reviewed and summarized the previous thread.   As you
> saw there is a long history.
> 
> Jarrko, Ahmad,  "Trusted" keys, by definition, are based on the TPM
> RNG.  If CAAM trusted key support wants to use kernel RNG by default,
> that's fine.  However defining and allowing a boot command line option
> to use kernel RNG instead of the TPM RNG, needs to be configurable.

The use of kernel RNG for TPM Trusted Keys is already opt-in. The default
is trusted.rng=default, which maintains existing behavior. Users who want
to use kernel RNG instead need to explicitly specify trusted.rng=kernel.

What more is needed?

Cheers,
Ahmad



> 
> thanks,
> 
> Mimi
> 
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



More information about the Linux-security-module-archive mailing list