On Wed, Oct 16, 2019 at 10:02:01AM +0300, Janne Karhunen wrote: > On Tue, Oct 15, 2019 at 3:50 PM Jarkko Sakkinen > <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote: > > > > Salt the result that comes from the TPM RNG with random bytes from the > > kernel RNG. This will allow to use tpm_get_random() as a substitute for > > get_random_bytes(). TPM could have a bug (making results predicatable), > > backdoor or even an inteposer in the bus. Salting gives protections > > against these concerns. > > The current issue in the randomness from my point of view is that > encrypted filesystems, ima etc in common deployments require high > quality entropy just few seconds after the system has powered on for > the first time. It is likely that people want to keep their keys > device specific, so the keys need to be generated on the first boot > before any of the filesystems mount. This patch does not have the described issue. Which call sites are you talking about? /Jarkko
