Re: [Patch v5.1 03/03]: hwrng: khwrngd derating per device

["Theodore Ts'o" <tytso@mit.edu>]

On Mon, Jun 16, 2014 at 04:07:19PM +0200, Torsten Duwe wrote:
> > > TPM RNG is a crook ;-)
> > 
> > I think the word you mean is "crock" (as in "crock of sh*t"?)  :-)
> 
> Actually, I was thinking of a crutch. Makes you walk slowly, but better
> than nothing. Seems I've bent the wrong tube.

Heh.  One of the things that I have considered, especially for TPM, is
that in addition to having a very small quality rating, we should also
have some kind of delay so that we sleep some small amount time before
we pull from the TPM again.

Otherwise the result of using a very small quality rating is that we
end up pounding on the TPM a huge amount until the entropy pool is
above the write_wakeup threshold.  If there's some "real" use of the
TPM, such as authenticating to a wireless network, or some such, I'd
rather not be constantly pounding on the TPM if so happens that there
is a heavy drain on /dev/random at the same time that Network Manager
needs to reauthenticate to the 802.1x network.

> > manufacturer is supplying the device driver, it may not be a value
> > that other people will agree with.  Which is why I think making it
> > runtime configurable is a good thing.
> 
> Boot time configurable, I'd say. Again: this is a hardware property,
> multiplied by the admin's level of confidence in the absence of backdoors.
> It's easy with s390: from z/VM you can read all the guest's memory anyway.
> If you use this machine, you already trust IBM.

Sure, but I guess I'm a bit allergic to gazillions of boot
command-line parameters.  I guess if you are building a modular
kernel, this matters a lot less, since you can put the configs in
/etc/modprobe.d.

						- Ted