On Tue, Oct 24, 2017 at 9:11 AM, Jason Gunthorpe <jgunthorpe@xxxxxxxxxxxxxxxxxxxx> wrote: > On Tue, Oct 24, 2017 at 09:37:33PM +0530, PrasannaKumar Muralidharan wrote: >> Hi Jason, >> >> On 24 October 2017 at 21:25, Jason Gunthorpe >> <jgunthorpe@xxxxxxxxxxxxxxxxxxxx> wrote: >> > On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote: >> > >> >> Please check the RFC [1]. It does use chip id. The rfc has issues and >> >> has to be fixed but still there could be users of the API. >> >> >> >> 1. https://www.spinics.net/lists/linux-crypto/msg28282.html >> > >> > That patch isn't safe at all. You need to store a kref to th chip in >> > the hwrng, not parse a string. >> >> The drivers/char/hw_random/tpm-rng.c module does not store the chip >> reference so I guess the usage is safe. > > It is using the default TPM, it is always safe to use the default tpm. tpm-rng is abomination that should be kicked out as soon as possible. It wrecks havoc with the power management (TPM chip drivers may go into suspend state, but tpm_rng does not do any power management and happily forwards requests to suspended hardware) and may be available when there is no TPM at all yet (the drivers have not been probed yet, or have gotten a deferral, etc). TPM core should register HWRNGs when chips are ready. Thanks. -- Dmitry