Hi Peter,

On 5 September 2017 7:24:02 PM IST, Peter Huewe <PeterHuewe@xxxxxx> wrote:
>Hi,
>
>while reading through the analysis of the Linux RNG by the BSI [1][2],
>I was surprised by the lack of reflecting on the usage of HWRNGs except
>RDRAND/RDSEED.
>
>In the paper it was mentioned that if the quality attribute of a
>regular hwrng is not set
>(or specified via the module parameter default_quality for all hwrng)
>the HWRNG is not used at all.
>Only very few set this attribute explicitly, and the default is 0,
>so even if we enable these HWRNGs in the kernel config, they are not
>used?
>
>I read through the hw_random code and came to the same conclusion - but
>is this correct and desired?

If the quality of the RNG source is not set or set to 0 then hwrng does not use the data to seed /dev/random.

>Specifically since you can set the 'default value' only for every hwrng
>but not overwrite the quality for a specific device.
>e.g. the quite good tpm hwrng of my ifx tpm would not be used and
>if I set the default_quality to something other than 0, other devices
>would be used, which I would not want to.

A device with high quality will be used by default. But user space can tell hwrng to use a particular device even if it is not the best RNG source. But it won't be used for seeding /dev/random even in this case.

Every instance of the hw_random structure represents an RNG device. If you can use a different instance for every TPM chip then setting a different quality value is possible. I have an untested patch that allocates a different hw_random structure instance for every TPM chip and registers with hwrng on tpm_chip_register. I made the change for fixing some other issue but did not get time to test it. If that patch will be helpful I can find it out and post the patch as RFC tomorrow.

>
>Is this understanding correct?
>
>
>Thanks,
>Peter
>(tpm maintainer)
>
>
>
>[1]
>https://www.bsi.bund.de/DE/Publikationen/Studien/LinuxRNG/index_htm.html
>[2]
>https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5

Regards,
PrasannaKumar
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
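
A way to check the behaviour discussed in this thread on a running system, as an added example that is not part of either message or of the kernel sources: it reads the hw_random core's `rng_current` sysfs file and the `current_quality` and `default_quality` module parameters and reports whether the selected device is credited with any entropy. The function name `hwrng_seed_status` and the optional sysfs-root argument are hypothetical, and the parameter path assumes the core is named `rng_core`.

```shell
#!/bin/sh
# Added example: is the currently selected hwrng feeding the kernel pool?
# The optional argument is the sysfs root, so the function can be pointed
# at a constructed tree for testing; on a live system pass nothing.
# Return codes: 0 = seeding, 1 = selected but quality 0, 2 = cannot tell.
hwrng_seed_status() {
    root="${1:-/sys}"
    cur_file="$root/class/misc/hw_random/rng_current"
    # Assumption: the hw_random core exposes its parameters as rng_core.
    params="$root/module/rng_core/parameters"

    [ -r "$cur_file" ] || { echo "hw_random core not present"; return 2; }
    current=$(cat "$cur_file")
    case "$current" in
        ""|none) echo "no hwrng selected"; return 2 ;;
    esac

    # current_quality is the effective value for the selected device:
    # the driver's own quality if set, otherwise default_quality.
    cq=$(cat "$params/current_quality" 2>/dev/null || echo unknown)
    dq=$(cat "$params/default_quality" 2>/dev/null || echo unknown)
    case "$cq" in
        ""|*[!0-9]*) echo "$current: quality unreadable"; return 2 ;;
    esac

    if [ "$cq" -eq 0 ]; then
        echo "$current: quality 0 (default_quality=$dq), not seeding"
        return 1
    fi
    echo "$current: quality $cq/1024 (default_quality=$dq), seeding"
    return 0
}
```

Because `default_quality` applies to every device whose driver leaves its quality unset, a non-zero value reported here does not show which driver supplied it.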