On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> Not a criticism of your patch, but can we please stop doing this.
> Single random number sources are horrendously bad practice because it
> gives an attacker a single target to subvert. We should ensure the TPM
> is plugged into the kernel RNG as a source and then take randomness
> from the mixed pool so it's harder for an attacker because they have to
> subvert all our sources to predict what came out.

It is and I agree.

/Jarkko
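The point discussed in this thread, that the TPM should be one registered source for the kernel RNG rather than the only source a caller draws from, can be checked on a running system. The following is an added example, not code from the thread or the patch: it reads the Linux hw_random sysfs files and reports whether a TPM-backed hwrng is registered and whether it is the currently selected device. It assumes the TPM driver's hwrng name starts with `tpm-rng`; the function name and status strings are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report how the TPM appears to the
# Linux hw_random core. The sysfs directory is a parameter so the check can
# also be run against a constructed directory.

tpm_hwrng_status() {
    dir="${1:-/sys/class/misc/hw_random}"

    # Without these files the hw_random core is not present or not readable.
    if [ ! -r "$dir/rng_available" ] || [ ! -r "$dir/rng_current" ]; then
        echo "no-hwrng-core"
        return 2
    fi

    available=$(cat "$dir/rng_available")
    current=$(cat "$dir/rng_current")

    # Assumption: TPM-backed hwrng devices are named tpm-rng-<n>.
    tpm_dev=""
    for dev in $available; do
        case "$dev" in
            tpm-rng*) tpm_dev="$dev"; break ;;
        esac
    done

    if [ -z "$tpm_dev" ]; then
        echo "tpm-not-registered"
        return 1
    fi

    # rng_current names the one hwrng the core is currently reading from.
    if [ "$current" = "$tpm_dev" ]; then
        echo "tpm-selected:$tpm_dev"
    else
        echo "tpm-registered-not-selected:$tpm_dev"
    fi
    return 0
}
```

Call `tpm_hwrng_status` with no argument to inspect the live system. A "selected" result shows only which hwrng the core reads from; it does not show how much entropy the kernel credits to it.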