2 Oct
2019
2 Oct
'19
2 p.m.
On Thu, 2019-09-26 at 20:16 +0300, Jarkko Sakkinen wrote:
Only the kernel random pool should be used for generating random numbers. TPM contributes to that pool among the other sources of entropy. In here it is not, agreed, absolutely critical because TPM is what is trusted anyway but in order to remove tpm_get_random() we need to first remove all the call sites.
At what point during boot is the kernel random pool available? Does this imply that you're planning on changing trusted keys as well?
Mimi