On Thu, Oct 03, 2019 at 04:59:37PM -0700, James Bottomley wrote: > I think the principle of using multiple RNG sources for strong keys is > a sound one, so could I propose a compromise: We have a tpm subsystem > random number generator that, when asked for <n> random bytes first > extracts <n> bytes from the TPM RNG and places it into the kernel > entropy pool and then asks for <n> random bytes from the kernel RNG? > That way, it will always have the entropy to satisfy the request and in > the worst case, where the kernel has picked up no other entropy sources > at all it will be equivalent to what we have now (single entropy > source) but usually it will be a much better mixed entropy source. I think we should rely the existing architecture where TPM is contributing to the entropy pool as hwrng. /Jarkko