From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Mario Limonciello <mario.limonciello@amd.com>
Cc: jarkko@kernel.org, peterhuewe@gmx.de,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
dragonn@op.pl
Subject: Re: [PATCH 2/3] tpm: Add command line for not trusting tpm for RNG
Date: Thu, 3 Aug 2023 15:42:31 +0200 [thread overview]
Message-ID: <ZMuux5CE1xIR7Mc3@zx2c4.com> (raw)
In-Reply-To: <20230803015015.915-3-mario.limonciello@amd.com>
On Wed, Aug 02, 2023 at 08:50:14PM -0500, Mario Limonciello wrote:
> The kernel supports random.cpu=off and random.bootloader=off.
> As TPM RNG is also registered as a hwrng, add the ability to
> prevent registering the TPM RNG.
Please do *not* do this. I agree with Jarkko that this doesn't belong.
Firstly, you're proposing a flag for the tpm driver, so the `random.`
namespace is inappropriate. Do not use the `random.` namespace if you're
not dealing with random.c specifically. Rather, this is very much a
`tpm.register_hwrng=1/0` flag, which describes better what this is about.
Secondly, I think you're making a mountain out of a molehill. You first
wanted to also disable Intel devices too, even though they aren't
affected by this bug. Now you're proposing a way for users to disable
everything. But so far there's no evidence that this matter goes any
further than AMD's fTPM. So let's calm a bit and not make too big deal
of this. If we suddenly get lots of reports that there's broken behavior
across the board, then maybe we should consider something like this. But
insofar as this is just an AMD derp, let's keep it simple and not over
complicate everything with more knobs. Fewer knobs, please!
Finally, with regards to AMD, my hope is that eventually the fTPM
becomes useful as a hwrng, and then we can relax the disabling to
re-enable it for whatever new revision might come to exist in the
future.
Thanks,
Jason
next prev parent reply other threads:[~2023-08-03 13:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-03 1:50 [PATCH 0/3] More changes related to TPM RNG handling Mario Limonciello
2023-08-03 1:50 ` [PATCH 1/3] tpm: Add a missing check for TPM_CHIP_FLAG_HWRNG_DISABLED Mario Limonciello
2023-08-03 8:59 ` Jarkko Sakkinen
2023-08-03 11:35 ` Mario Limonciello
2023-08-03 13:50 ` Jason A. Donenfeld
2023-08-04 22:52 ` Jarkko Sakkinen
2023-08-03 1:50 ` [PATCH 2/3] tpm: Add command line for not trusting tpm for RNG Mario Limonciello
2023-08-03 13:42 ` Jason A. Donenfeld [this message]
2023-08-03 1:50 ` [PATCH 3/3] tpm: Drop CONFIG_HW_RANDOM_TPM Mario Limonciello
2023-08-03 7:22 ` Paul Menzel
2023-08-03 9:03 ` Jarkko Sakkinen
2023-08-03 11:45 ` Mario Limonciello
2023-08-03 9:01 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZMuux5CE1xIR7Mc3@zx2c4.com \
--to=jason@zx2c4.com \
--cc=dragonn@op.pl \
--cc=jarkko@kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=peterhuewe@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).