On Tue, Mar 30, 2021 at 02:47:18PM -0700, Eric Biggers wrote: > On Sun, Mar 28, 2021 at 11:37:23PM +0300, Jarkko Sakkinen wrote: > > > > Unfortunately, TPM trusted keys started this bad security practice, and > > obviously it cannot be fixed without breaking uapi backwards compatibility. > > > > The whole point of a randomness source is that it is random. So userspace can't > be depending on any particular output, and the randomness source can be changed > without breaking backwards compatibility. > > So IMO, trusted keys should simply be fixed to use get_random_bytes(). > > - Eric It's a bummer but uapi is the god in the end. Since TPM does not do it today, that behaviour must be supported forever. That's why a boot option AND a warning would be the best compromise. /Jarkko
