> > There are many good reasons for wanting the keys to be based on the > > TPM generator. As the source for the kernel random number generator > > itself says, some systems lack good randomness at startup, and systems > > should preserve and reload the pool across shutdown and startup. > > There are use cases for trusted keys which need to generate keys > > before such scripts have run. Also, in some use cases, we need to show > > that trusted keys are FIPS compliant, which is possible with TPM > > generated keys. > > If you are able to call tpm_get_random(), the driver has already > registered TPN as hwrng. With this solution you fail to follow the > principle of defense in depth. If the TPM random number generator > is compromissed (has a bug) using the entropy pool will decrease > the collateral damage. I.e. you make everything depend on single point of failure instead of multiple (e.g. rdrand, TPM, whatnot). /Jarkko
