| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Jun 2014 10:40:33 -0400 From: Theodore Ts'o <tytso@....edu> To: Torsten Duwe <duwe@...e.de> Cc: "H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...capital.net>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Matt Mackall <mpm@...enic.com>, Herbert Xu <herbert@...dor.apana.org.au>, Arnd Bergmann <arnd@...db.de>, Rusty Russell <rusty@...tcorp.com.au>, Satoru Takeuchi <satoru.takeuchi@...il.com>, ingo.tuchscherer@...ibm.com, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Hans-Georg Markgraf <MGRF@...ibm.com>, Gerald Schaefer <gerald.schaefer@...ibm.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, Heiko Carstens <heiko.carstens@...ibm.com>, Joe Perches <joe@...ches.com>, Jörn Engel <joern@...fs.org> Subject: Re: [Patch v5.1 03/03]: hwrng: khwrngd derating per device On Mon, Jun 16, 2014 at 04:07:19PM +0200, Torsten Duwe wrote: > > > TPM RNG is a crook ;-) > > > > I think the word you mean is "crock" (as in "crock of sh*t"?) :-) > > Actually, I was thinking of a crutch. Makes you walk slowly, but better > than nothing. Seems I've bent the wrong tube. Heh. One of the things that I have considered, especially for TPM, is that in addition to having a very small quality rating, we should also have some kind of delay so that we sleep some small amount time before we pull from the TPM again. Otherwise the result of using a very small quality rating is that we end up pounding on the TPM a huge amount until the entropy pool is above the write_wakeup threshold. If there's some "real" use of the TPM, such as authenticating to a wireless network, or some such, I'd rather not be constantly pounding on the TPM if so happens that there is a heavy drain on /dev/random at the same time that Network Manager needs to reauthenticate to the 802.1x network. > > manufacturer is supplying the device driver, it may not be a value > > that other people will agree with. Which is why I think making it > > runtime configurable is a good thing. > > Boot time configurable, I'd say. Again: this is a hardware property, > multiplied by the admin's level of confidence in the absence of backdoors. > It's easy with s390: from z/VM you can read all the guest's memory anyway. > If you use this machine, you already trust IBM. Sure, but I guess I'm a bit allergic to gazillions of boot command-line parameters. I guess if you are building a modular kernel, this matters a lot less, since you can put the configs in /etc/modprobe.d. - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists