> From: linux-integrity-owner@xxxxxxxxxxxxxxx <linux-integrity-owner@xxxxxxxxxxxxxxx> On Behalf Of Jarkko Sakkinen
> Sent: Friday, October 4, 2019 2:27 PM
> Subject: EXT: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
>
> If you are able to call tpm_get_random(), the driver has already registered
> TPM as hwrng. With this solution you fail to follow the principle of defense in
> depth. If the TPM random number generator is compromised (has a bug)
> using the entropy pool will decrease the collateral damage.

And if the entropy pool has a bug or is misconfigured, you lose everything.
That does not sound like defense in depth to me. In the real world
I am not aware of a single instance of RNG vulnerability on a TPM.
I am directly aware of several published vulnerabilities in embedded systems
due to a badly ported version of the kernel random pool.
In addition, the random generator in a TPM is hardware isolated,
and less likely to be vulnerable to side channel or memory manipulation errors.
The TPM RNG is typically FIPS certified. The use of the TPM RNG was a
deliberate design choice in trusted keys.

> > Third, as Mimi states, using a TPM is not a "regression". It would be
> > a regression to change trusted keys _not_ to use the TPM, because that
> > is what trusted keys are documented to provide to user space.
>
> For asym-tpm.c it is without a question a regression because of the evolution
> that has happened after trusted keys. For trusted keys using kernel rng
> would be improvement.

Perhaps this is a language issue, but you are not using "regression" correctly.
Changing to the kernel pool would not only be a debatable "improvement",
but also would certainly be a change to the documented trusted key behavior,
which I thought was frowned upon.

dave