[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4e0e8f5b-f5c9-003b-6aac-cea7c49b3f96@pengutronix.de>
Date: Wed, 18 May 2022 06:31:33 +0200
From: Ahmad Fatoum <a.fatoum@...gutronix.de>
To: Mimi Zohar <zohar@...ux.ibm.com>,
"Jason A. Donenfeld" <Jason@...c4.com>
Cc: James Bottomley <jejb@...ux.ibm.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
David Howells <dhowells@...hat.com>, kernel@...gutronix.de,
Sumit Garg <sumit.garg@...aro.org>,
Pankaj Gupta <pankaj.gupta@....com>,
David Gstir <david@...ma-star.at>,
Michael Walle <michael@...le.cc>,
John Ernberg <john.ernberg@...ia.se>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Horia Geantă <horia.geanta@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Jan Luebbe <j.luebbe@...gutronix.de>,
Eric Biggers <ebiggers@...nel.org>,
Richard Weinberger <richard@....at>,
Franck LENORMAND <franck.lenormand@....com>,
Matthias Schiffer <matthias.schiffer@...tq-group.com>,
keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
Pascal Van Leeuwen <pvanleeuwen@...imatrix.com>
Subject: Re: [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key
material
Hello Mimi,
On 17.05.22 21:49, Mimi Zohar wrote:
> On Tue, 2022-05-17 at 20:30 +0200, Jason A. Donenfeld wrote:
>> Hi Mimi,
>>
>> On Tue, May 17, 2022 at 02:21:08PM -0400, Mimi Zohar wrote:
>>> On Tue, 2022-05-17 at 19:38 +0200, Jason A. Donenfeld wrote:
>> Apologies in advance if I've missed the mark here; I'm not very familiar
>> with this thread or what it's driving at. If the simple question was
>> just "is get_random_bytes_wait() good to use?" the answer is just "yes"
>> and I can disappear and stop confusing things. :)
>
> My apologies for your having been brought into this discussion without
> having properly reviewed and summarized the previous thread. As you
> saw there is a long history.
>
> Jarrko, Ahmad, "Trusted" keys, by definition, are based on the TPM
> RNG. If CAAM trusted key support wants to use kernel RNG by default,
> that's fine. However defining and allowing a boot command line option
> to use kernel RNG instead of the TPM RNG, needs to be configurable.
The use of kernel RNG for TPM Trusted Keys is already opt-in. The default
is trusted.rng=default, which maintains existing behavior. Users who want
to use kernel RNG instead need to explicitly specify trusted.rng=kernel.
What more is needed?
Cheers,
Ahmad
>
> thanks,
>
> Mimi
>
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
Powered by blists - more mailing lists