Re: [arch-gen] does using tmp-rng enables tpm at all?




On 24/12/14 02:45 PM, Javier Vasquez wrote:
> Hi,
> 
> Seems like on i5 and i7 chips the way to get random numbers through HW
> is to use tpm-rng (intel-rng is no longer available for them).  And by
> reading [1] seems like a pretty good idea.
> 
> However I have no intention to use tpm at all, nor do I want any
> possibility to get anyone monitoring my machine, which is one of the
> possible use cases with tpm.
> 
> Does one, just by using tpm to feed entropy, open any door on linux
> for any other tpm functionality?  Or is it totally safe to use
> tpm-rng?
> 
> Thanks,

Ivy Bridge and later have an RDRAND instruction exposing a hardware
random number generator so there's no need for any TPM stuff. RDSEED
will be provided by Broadwell and later for lower-level access to the
hardware entropy rather than via a CSPRNG. It's already leveraged by the
kernel and libraries like the C++ <random> implementation in libstdc++.

Attachment: signature.asc
Description: OpenPGP digital signature
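
The RDRAND and RDSEED support mentioned in the reply above can be checked from user space without touching the TPM. The following is an added example, not part of the original thread: it reads the CPUID feature bits and pulls one word from RDRAND with a bounded retry. The function names are hypothetical, and it assumes GCC or Clang on x86 or x86-64.

```c
/* Added example: assumes GCC or Clang (uses <cpuid.h> and inline asm). */
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#else
#define ON_X86 0
#endif

/* CPUID.01H:ECX bit 30 advertises RDRAND. */
int has_rdrand(void) {
#if ON_X86
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 1) return 0;
    __cpuid(1, a, b, c, d);
    (void)a; (void)b; (void)d;
    return (c >> 30) & 1;
#else
    return 0;
#endif
}

/* CPUID.(EAX=07H,ECX=0):EBX bit 18 advertises RDSEED. */
int has_rdseed(void) {
#if ON_X86
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7) return 0;
    __cpuid_count(7, 0, a, b, c, d);
    (void)a; (void)c; (void)d;
    return (b >> 18) & 1;
#else
    return 0;
#endif
}

/* Read one native word from RDRAND. The carry flag signals success, so
 * retry a bounded number of times. Returns 1 on success, 0 if the
 * instruction is unsupported or every attempt failed. */
int rdrand_retry(unsigned long *out, int tries) {
#if ON_X86
    if (!has_rdrand()) return 0;   /* never execute an unadvertised opcode */
    while (tries-- > 0) {
        unsigned char ok;
        __asm__ volatile("rdrand %0\n\tsetc %1"
                         : "=r"(*out), "=qm"(ok) : : "cc");
        if (ok) return 1;
    }
#else
    (void)out; (void)tries;
#endif
    return 0;
}

int main(void) {
    unsigned long v;
    printf("RDRAND: %d  RDSEED: %d\n", has_rdrand(), has_rdseed());
    if (rdrand_retry(&v, 10)) printf("sample: %lx\n", v);
    return 0;
}
```

A hypervisor can mask these CPUID bits, so a result of 0 inside a VM does not prove the physical CPU lacks the instruction.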

