[sorry, hit send by mistake...] On Sunday, December 28, 2014, Gustavo De Nardin (spuk) <gustavodn@xxxxxxxxx> wrote: > FWIW, I don't think just by enabling > > On Wednesday, December 24, 2014, Javier Vasquez <j.e.vasquez.v@xxxxxxxxx > <javascript:_e(%7B%7D,'cvml','j.e.vasquez.v@xxxxxxxxx');>> wrote: > >> > On Wed, Dec 24, 2014 at 3:03 PM, Daniel Micay <danielmicay@xxxxxxxxx> >> wrote: >> > >> > Ivy Bridge and later have an RDRAND instruction exposing a hardware >> > random number generator so there's no need for any TPM stuff. RDSEED >> > will be provided by Broadwell and later for lower-level access to the >> > hardware entropy rather than via a CSPRNG. It's already leveraged by the >> > kernel and libraries like the C++ <random> implementation in libstdc++. >> >> Great to know. Perhaps there will be no need for rng-tools neither >> haveged for those processors, :-) >> >> Bad thing my i5/i7 processors are still sandy bridge. So whether I >> use tpm-rng (rng-tools doesn't read it, so no luck), or I use haveged, >> or nothing, :-) >> >> Thanks for answering. >> >> >> -- >> Javier >> > FWIW, I don't think just by enabling the TPM you have any risk of "being monitored". AFAIK the TPM just provides some trust/crypto-related functions for the use of the OS and/or applications. t' > > -- > (nil) > -- (nil)
