Hello Mimi,

On 17.05.22 21:49, Mimi Zohar wrote:
> On Tue, 2022-05-17 at 20:30 +0200, Jason A. Donenfeld wrote:
>> Hi Mimi,
>>
>> On Tue, May 17, 2022 at 02:21:08PM -0400, Mimi Zohar wrote:
>>> On Tue, 2022-05-17 at 19:38 +0200, Jason A. Donenfeld wrote:
>> Apologies in advance if I've missed the mark here; I'm not very familiar
>> with this thread or what it's driving at. If the simple question was
>> just "is get_random_bytes_wait() good to use?" the answer is just "yes"
>> and I can disappear and stop confusing things. :)
>
> My apologies for your having been brought into this discussion without
> having properly reviewed and summarized the previous thread. As you
> saw there is a long history.
>
> Jarrko, Ahmad, "Trusted" keys, by definition, are based on the TPM
> RNG. If CAAM trusted key support wants to use kernel RNG by default,
> that's fine. However defining and allowing a boot command line option
> to use kernel RNG instead of the TPM RNG, needs to be configurable.

The use of kernel RNG for TPM Trusted Keys is already opt-in.
The default is trusted.rng=default, which maintains existing behavior.
Users who want to use kernel RNG instead need to explicitly
specify trusted.rng=kernel.

What more is needed?

Cheers,
Ahmad

>
> thanks,
>
> Mimi
>
>

--
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |