From: Janne Karhunen
Date: Fri, 18 Oct 2019 10:32:23 +0300
Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
To: James Bottomley
Cc: Jarkko Sakkinen, "Safford, David (GE Global Research, US)", Ken Goldman, Mimi Zohar, "linux-integrity@vger.kernel.org", "stable@vger.kernel.org", "open list:ASYMMETRIC KEYS", "open list:CRYPTO API", open list
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 16, 2019 at 6:35 PM James Bottomley wrote:

> > The documentation says that krng is suitable for key generation.
> > Should the documentation be changed to state that it is unsuitable?
>
> How do you get that from the argument above? The krng is about the
> best we have in terms of unpredictable key generation, so of course it
> is suitable ... provided you give the entropy enough time to have
> sufficient entropy.

Yes, so it can be both the safest and the least safe option available.
By default it's the worst one, but use it wisely and it can be the
best source. Hence I was proposing that kconfig option + boot time
printout to make this clear for everyone..

--
Janne