Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 03, 2019 at 04:59:37PM -0700, James Bottomley wrote:
> I think the principle of using multiple RNG sources for strong keys is
> a sound one, so could I propose a compromise:  We have a tpm subsystem
> random number generator that, when asked for <n> random bytes first
> extracts <n> bytes from the TPM RNG and places it into the kernel
> entropy pool and then asks for <n> random bytes from the kernel RNG? 
> That way, it will always have the entropy to satisfy the request and in
> the worst case, where the kernel has picked up no other entropy sources
> at all it will be equivalent to what we have now (single entropy
> source) but usually it will be a much better mixed entropy source.

I think we should rely the existing architecture where TPM is
contributing to the entropy pool as hwrng.

/Jarkko



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux