lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 31 Jul 2023 16:57:20 -0500
From:   "Limonciello, Mario" <mario.limonciello@....com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>,
        linux@...inikbrodowski.net
Cc:     Jarkko Sakkinen <jarkko@...nel.org>,
        Daniil Stas <daniil.stas@...teo.net>,
        James.Bottomley@...senpartnership.com, Jason@...c4.com,
        linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
        regressions@...mhuis.info, stable@...r.kernel.org
Subject: Re: [PATCH 1/1] tpm: disable hwrng for fTPM on some AMD designs



On 7/31/2023 2:30 PM, Linus Torvalds wrote:
> On Mon, 31 Jul 2023 at 12:18, Limonciello, Mario
> <mario.limonciello@....com> wrote:
>>
>>> Is there some way to just see "this is a fTPM"?
>>
>> How many fTPM implementations are there?  We're talking like less than 5
>> right?  Maybe just check against a static list when
>> calling tpm_add_hwrng().
> 
> Sounds sane. But I was hoping for some direct way to just query "are
> you a firmware SMI hook, or real hardware".
> 
> It would be lovely to avoid the list, because maybe AMD does - or in
> the past have done - discrete TPM hardware?  So it might not be as
> easy as just checking against the manufacturer..
> 
> That said, maybe it really doesn't matter. I'm perfectly fine with
> just the "check for AMD as a manufacturer" too.

Jarko's patch seems conceptually fine for now for the fire of the day if 
that's the consensus on the direction for this.

> 
> In fact, I'd be perfectly happy with not using the TPM for run-time
> randomness at all, and purely doing it for the bootup entropy, which
> is where I feel it matters a lot m ore.
> 
>> I've had some discussions today with a variety of people on this problem
>> and there is no advantage to get RNG through the fTPM over RDRAND.
> 
> Ack.
> 
> And that's true even if you _trust_ the fTPM.
> 
> That said, I see no real downside to using the TPM (whether firmware
> or discrete) to just add to the boot-time "we'll gather entropy for
> our random number generator from any source".
> 
> So it's purely the runtime randomness where I feel that the upside
> just isn't there, and the downsides are real.
> 
>                    Linus

Are you thinking then to unregister the tpm hwrng "sometime" after boot?

What would be the right timing/event for this? Maybe rootfs_initcall?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ