Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp1238291ybp; Fri, 4 Oct 2019 11:31:09 -0700 (PDT) X-Google-Smtp-Source: APXvYqz+niGzshR0qdXvKT3BfMfgjn95UElsMYtTe8LuNKt4Yk/CpAIcrdgfXG5YQ1IbxfCljhZv X-Received: by 2002:a05:6402:1355:: with SMTP id y21mr16787941edw.303.1570213869337; Fri, 04 Oct 2019 11:31:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570213869; cv=none; d=google.com; s=arc-20160816; b=Okl7J66NzDg3+1S3SCTCUODtCO5Eg68sWdlyOjkGiE8+03684tlOYx5GgwX9OEt0gp 9aSqQPWKIpbcQ4bbLbt5RKcOEZl2w3Ix56ffg1JCLIijVW/JYszvxwnk+YEAK7AqXK8u m31FunvyFzxQHm0g0+yF88L7DM4kPG5qIYHWBfwXI0Wt/0onVNbjZFT7jcfT3ZFmeBg8 0HSmWPpOwMjO2dHdSLirA3fXtJJoViqc78LwPrBGY24lYCbXKXY7ALWzM18oMEffGZZt 446r92nhm6eQS93B5m4Q7NkRo7LzwqilYuubb9CsLprExFYn4o8VgOQssgiIFz9awyX0 1WbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=ckVyFZF/ztCRL8rcbwpAmT8kDoGHPD6rWDmBG8V66gQ=; b=yNvVGzAFVAhBAXDp4RSTHbkvjT0S7oj9qVYKVJy63WIBef/szSReSS0HYjaPVH7prU ulv4+39GAbID8KSNbuVbdqIO0062EKXmHyCi42kS3wgsy/a5uWdAag9r17G+XirTviIM 5fSlCy7OS+4qf8X/L9mHVCDAUBggdqfDIByBwOLgd8w9wZy1GZVkSibgDxdeRutn/j6M +FUAWRLW9DeqCM1c/ZBJnUgKJHUZSdUhTnyKINHfsQxhl9i7UHRa/Kg4d+yOZbx4ODWn kUKMFI7jXHcDjeYUIK2u8mSdOlQS2MiAqlbCMnJKfFHL1UqDzfWYv+tMJBMsprXVNU6z wnnQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r24si3867432edy.417.2019.10.04.11.30.45; Fri, 04 Oct 2019 11:31:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730131AbfJDSaM (ORCPT + 99 others); Fri, 4 Oct 2019 14:30:12 -0400 Received: from mga03.intel.com ([134.134.136.65]:43310 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726119AbfJDSaL (ORCPT ); Fri, 4 Oct 2019 14:30:11 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Oct 2019 11:30:10 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,257,1566889200"; d="scan'208";a="205911849" Received: from nzaki1-mobl1.ger.corp.intel.com (HELO localhost) ([10.252.4.57]) by fmsmga001.fm.intel.com with ESMTP; 04 Oct 2019 11:30:04 -0700 Date: Fri, 4 Oct 2019 21:30:03 +0300 From: Jarkko Sakkinen To: "Safford, David (GE Global Research, US)" Cc: Mimi Zohar , "Wiseman, Monty (GE Global Research, US)" , "linux-integrity@vger.kernel.org" , "stable@vger.kernel.org" , David Howells , Herbert Xu , "David S. Miller" , "open list:ASYMMETRIC KEYS" , "open list:CRYPTO API" , open list Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes() Message-ID: <20191004183003.GD6945@linux.intel.com> References: <20190926171601.30404-1-jarkko.sakkinen@linux.intel.com> <1570024819.4999.119.camel@linux.ibm.com> <20191003114119.GF8933@linux.intel.com> <1570107752.4421.183.camel@linux.ibm.com> <20191003175854.GB19679@linux.intel.com> <1570128827.5046.19.camel@linux.ibm.com> <20191004182711.GC6945@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20191004182711.GC6945@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > > There are many good reasons for wanting the keys to be based on the > > TPM generator. As the source for the kernel random number generator > > itself says, some systems lack good randomness at startup, and systems > > should preserve and reload the pool across shutdown and startup. > > There are use cases for trusted keys which need to generate keys > > before such scripts have run. Also, in some use cases, we need to show > > that trusted keys are FIPS compliant, which is possible with TPM > > generated keys. > > If you are able to call tpm_get_random(), the driver has already > registered TPN as hwrng. With this solution you fail to follow the > principle of defense in depth. If the TPM random number generator > is compromissed (has a bug) using the entropy pool will decrease > the collateral damage. I.e. you make everything depend on single point of failure instead of multiple (e.g. rdrand, TPM, whatnot). /Jarkko