On Thu, 2019-09-26 at 20:16 +0300, Jarkko Sakkinen wrote: > Only the kernel random pool should be used for generating random numbers. > TPM contributes to that pool among the other sources of entropy. In here it > is not, agreed, absolutely critical because TPM is what is trusted anyway > but in order to remove tpm_get_random() we need to first remove all the > call sites. At what point during boot is the kernel random pool available? Does this imply that you're planning on changing trusted keys as well? Mimi
