lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080515235838.GB23721@khazad-dum.debian.net>
Date:	Thu, 15 May 2008 20:58:38 -0300
From:	Henrique de Moraes Holschuh <hmh@....eng.br>
To:	Theodore Tso <tytso@....edu>, Jeff Garzik <jeff@...zik.org>,
	Chris Peterson <cpeterso@...terso.com>,
	"Kok, Auke" <auke-jan.h.kok@...el.com>,
	Rick Jones <rick.jones2@...com>,
	"Brandeburg, Jesse" <jesse.brandeburg@...el.com>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] drivers/net: remove network drivers' last few uses of
	IRQF_SAMPLE_RANDOM

On Thu, 15 May 2008, Theodore Tso wrote:
> On Thu, May 15, 2008 at 06:44:22PM -0400, Jeff Garzik wrote:
> > I just sorta assumed a buffering, interrupt-driver TPM RNG driver would be 
> > better than doing it from userspace, but maybe that was a bad assumption to 
> > make on my part.  It should be quite doable to support TPM RNG entirely via 
> > userspace, at any rate.
> 
> If I recall correctly, you need access to a magic TPM key just to
> *talk* to the TPM.  Normally that key is stored in a file, and of

The TPM has some sort of idea of restricted operations.  It will depend
whether one can get random numbers as an anonymous party (and frankly, I
don't care for looking at the TCG docs right now to find out).

I certaily can ask the TPM "are you there?" even when it is disabled(!),
so I would not be too surprised to find out that, as long as it is
enabled, it will return random numbers to anyone.

But access to the TPM requires a control layer which must have excusive
access to the chip.  That layer would have to move into the kernel...
IMHO, it is just not worth even bothering with the idea, and just do it
all in userspace.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ