From: "H. Peter Anvin" <hpa@zytor.com>
To: Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>,
Ashley Lai <ashley@ashleylai.com>,
Rajiv Andrade <mail@srajiv.net>,
Marcel Selhorst <tpmdd@selhorst.net>,
Sirrix AG <tpmdd@sirrix.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Jeff Garzik <jgarzik@pobox.com>, "Ted Ts'o" <tytso@mit.edu>,
Kent Yoder <key@linux.vnet.ibm.com>,
David Safford <safford@watson.ibm.com>,
Mimi Zohar <zohar@us.ibm.com>,
"Johnston, DJ" <dj.johnston@intel.com>
Subject: TPMs and random numbers
Date: Mon, 09 Sep 2013 14:11:51 -0700 [thread overview]
Message-ID: <522E3997.9030109@zytor.com> (raw)
It recently came to my attention that there are no standards whatsoever
for random number generated by TPMs. In fact, there *are* TPMs where
random numbers are generated by an encrypted nonvolatile counter (I do
not know which ones); this is apparently considered acceptable for the
uses of random numbers that TPMs produce.
There are two issues with this from a Linux point of view. One, we
harvest supposed entropy from the TPM for /dev/*random use via
/dev/hwrng and rngd. This was something I originally proposed because
on a lot of platforms it is the only available entropy source with any
significant bandwidth. However, in light of the above it is
questionable at best, at least with entropy being credited.
The other issue is that we use tpm_get_random() *directly* in
security/keys/trusted.c.
I don't know what the policy ought to be, but I suspect we should ask
the question.
-hpa
next reply other threads:[~2013-09-09 21:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-09 21:11 H. Peter Anvin [this message]
2013-09-11 1:50 ` TPMs and random numbers Andy Lutomirski
-- strict thread matches above, loose matches on Subject: below --
2013-09-11 17:22 David Safford
2013-09-11 17:49 ` Andy Lutomirski
2013-09-11 18:45 ` Theodore Ts'o
2013-09-11 19:06 ` Jeff Garzik
2013-09-11 19:08 ` Andy Lutomirski
2013-09-11 19:25 ` H. Peter Anvin
2013-09-11 20:28 ` Theodore Ts'o
2013-09-11 20:44 ` H. Peter Anvin
2013-09-11 18:47 ` David Safford
2013-09-12 21:57 ` Jörn Engel
2013-09-12 23:38 ` Andy Lutomirski
2013-09-12 23:39 ` Jeff Garzik
2013-09-12 22:13 ` Jörn Engel
2013-09-12 23:51 ` Andy Lutomirski
2013-09-12 22:23 ` Jörn Engel
2013-09-13 2:13 ` Theodore Ts'o
2013-09-13 2:22 ` Jörn Engel
2013-09-11 22:08 ` Johnston, DJ
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=522E3997.9030109@zytor.com \
--to=hpa@zytor.com \
--cc=ashley@ashleylai.com \
--cc=dj.johnston@intel.com \
--cc=jgarzik@pobox.com \
--cc=key@linux.vnet.ibm.com \
--cc=leosilva@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@srajiv.net \
--cc=safford@watson.ibm.com \
--cc=tpmdd@selhorst.net \
--cc=tpmdd@sirrix.com \
--cc=tytso@mit.edu \
--cc=zohar@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.