[PATCH] KEYS: trusted: Use get_random-fallback for TPM
Jarkko Sakkinen
jarkko at kernel.org
Mon Dec 15 20:25:50 UTC 2025
On Mon, Dec 15, 2025 at 09:01:49PM +0100, James Bottomley wrote:
> On Mon, 2025-12-15 at 21:43 +0200, Jarkko Sakkinen wrote:
> [...]
> > I think there is misunderstanding with FIPS.
> >
> > Having FIPS certificated RNG in TPM matters but it only matters only
> > in the sense that callers can be FIPS certified as they use that RNG
> > as a source.
> >
> > Using FIPS certified RNG does not magically make callers be FIPS
> > ceritified actors. The data is contaminated in that sense at the
> > point when kernel acquires it.
>
> I think FIPS certification is a red herring. The point being made in
> the original thread is about RNG quality. The argument essentially
> being that the quality of the TPM RNG is known at all points in time
> but the quality of the kernel RNG (particularly at start of day when
> the entropy pool is new) is less certain.
OK, that's fair point.
I.e., using TPM2_GetRandom here makes sense, not because of FIPS
certification per se but because it is guarantees matching entropy to
other types of keys generated with TPM2_Create (as everything uses the
same RNG).
I can buy this but think it would really make sense to add a comment to
the source code.
I was thinking something along the lines of:
/*
* tpm_get_random() is used here directly instead of relying kernel's
* RNG in order to match RNGs with objects generated by TPM internally.
*/
It does not mention FIPS explicitly because I think this is already
enforcing condition and thus enough. And e.g., applies also when one
uses an emulator (and thus useful tidbit for that use and purpose).
>
> Regards,
>
> James
>
BR, Jarkko
More information about the Linux-security-module-archive
mailing list