[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YGOcZtkw3ZM5kvl6@gmail.com>
Date: Tue, 30 Mar 2021 14:47:18 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Jarkko Sakkinen <jarkko@...nel.org>
Cc: David Gstir <david@...ma-star.at>,
Sumit Garg <sumit.garg@...aro.org>,
Ahmad Fatoum <a.fatoum@...gutronix.de>,
Mimi Zohar <zohar@...ux.ibm.com>,
Horia Geantă <horia.geanta@....com>,
Jonathan Corbet <corbet@....net>,
David Howells <dhowells@...hat.com>,
James Bottomley <jejb@...ux.ibm.com>,
"kernel@...gutronix.de" <kernel@...gutronix.de>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Aymen Sghaier <aymen.sghaier@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Udit Agarwal <udit.agarwal@....com>,
Jan Luebbe <j.luebbe@...gutronix.de>,
Franck Lenormand <franck.lenormand@....com>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
"linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
"linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP
CAAM-based trusted keys
On Sun, Mar 28, 2021 at 11:37:23PM +0300, Jarkko Sakkinen wrote:
>
> Unfortunately, TPM trusted keys started this bad security practice, and
> obviously it cannot be fixed without breaking uapi backwards compatibility.
>
The whole point of a randomness source is that it is random. So userspace can't
be depending on any particular output, and the randomness source can be changed
without breaking backwards compatibility.
So IMO, trusted keys should simply be fixed to use get_random_bytes().
- Eric
Powered by blists - more mailing lists