[PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed May 18 04:31:33 UTC 2022
Hello Mimi,
On 17.05.22 21:49, Mimi Zohar wrote:
> On Tue, 2022-05-17 at 20:30 +0200, Jason A. Donenfeld wrote:
>> Hi Mimi,
>>
>> On Tue, May 17, 2022 at 02:21:08PM -0400, Mimi Zohar wrote:
>>> On Tue, 2022-05-17 at 19:38 +0200, Jason A. Donenfeld wrote:
>> Apologies in advance if I've missed the mark here; I'm not very familiar
>> with this thread or what it's driving at. If the simple question was
>> just "is get_random_bytes_wait() good to use?" the answer is just "yes"
>> and I can disappear and stop confusing things. :)
>
> My apologies for your having been brought into this discussion without
> having properly reviewed and summarized the previous thread. As you
> saw there is a long history.
>
> Jarrko, Ahmad, "Trusted" keys, by definition, are based on the TPM
> RNG. If CAAM trusted key support wants to use kernel RNG by default,
> that's fine. However defining and allowing a boot command line option
> to use kernel RNG instead of the TPM RNG, needs to be configurable.
The use of kernel RNG for TPM Trusted Keys is already opt-in. The default
is trusted.rng=default, which maintains existing behavior. Users who want
to use kernel RNG instead need to explicitly specify trusted.rng=kernel.
What more is needed?
Cheers,
Ahmad
>
> thanks,
>
> Mimi
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the Linux-security-module-archive
mailing list