[PATCH v9 01/11] KEYS: trusted: Use get_random-fallback for TPM
Mimi Zohar
zohar at linux.ibm.com
Fri Feb 20 18:04:30 UTC 2026
[Cc: Chris Fenner, Jonathan McDowell, Roberto]
On Sun, 2026-01-25 at 21:25 +0200, Jarkko Sakkinen wrote:
> 1. tpm2_get_random() is costly when TCG_TPM2_HMAC is enabled and thus its
> use should be pooled rather than directly used. This both reduces
> latency and improves its predictability.
If the concern is the latency of encrypting the bus session, please remember
that:
- Not all environments expose the TPM bus to sniffing.
- The current TPM trusted keys design is based on TPM RNG, but already allows it
  to be replaced with the kernel RNG via the "trusted_rng=kernel" boot command
  line option.
- The proposed patch removes that possibility for no reason.
Mimi & Elaine