On Thu, Oct 03, 2019 at 02:41:19PM +0300, Jarkko Sakkinen wrote:
On Wed, Oct 02, 2019 at 10:00:19AM -0400, Mimi Zohar wrote:
On Thu, 2019-09-26 at 20:16 +0300, Jarkko Sakkinen wrote:
Only the kernel random pool should be used for generating random numbers. TPM contributes to that pool among the other sources of entropy. In here it is not, agreed, absolutely critical because TPM is what is trusted anyway but in order to remove tpm_get_random() we need to first remove all the call sites.
At what point during boot is the kernel random pool available? Does this imply that you're planning on changing trusted keys as well?
Well trusted keys *must* be changed to use it. It is not a choice because using a proprietary random number generator instead of defacto one in the kernel can be categorized as a *regression*.
Also, TEE trusted keys cannot use the TPM option.
If it was not initialized early enough we would need fix that too.
I don't think there should be a problem anyway since encrypted keys is already using get_random_bytes().
Looking at asym_tpm.c the implementation copies all the anti-patterns from trusted keys, which is really unfortunate. I don't know how that has passed through all the filters.
/Jarkko