From: Linus Torvalds
Date: Mon, 31 Jul 2023 12:05:41 -0700
Subject: Re: [PATCH 1/1] tpm: disable hwrng for fTPM on some AMD designs
To: Jarkko Sakkinen
Cc: Daniil Stas, Mario Limonciello, James.Bottomley@hansenpartnership.com,
    Jason@zx2c4.com, linux-integrity@vger.kernel.org,
    linux-kernel@vger.kernel.org, regressions@leemhuis.info,
    stable@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 31 Jul 2023 at 03:53, Jarkko Sakkinen wrote:
>
> I quickly carved up a patch (attached), which is only compile tested
> because I do not have any AMD hardware at hand.

Is there some way to just see "this is a fTPM"?

Because honestly, even if AMD is the one that has had stuttering
issues, the bigger argument is that there is simply no _point_ in
supporting randomness from a firmware source.

There is no way anybody should believe that a firmware TPM generates
better randomness than we do natively.

And there are many reasons to _not_ believe it. The AMD problem is
just the most user-visible one.

Now, I'm not saying that a fTPM needs to be disabled in general - but
I really feel like we should just do

  static int tpm_add_hwrng(struct tpm_chip *chip)
  {
        if (!IS_ENABLED(CONFIG_HW_RANDOM_TPM))
                return 0;
        // If it's not hardware, don't treat it as such
        if (tpm_is_fTPM(chip))
                return 0;
        [...]

and be done with it.

But hey, if we have no way to see that whole "this is firmware
emulation", then just blocking AMD might be the only way.

               Linus
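
An added example, not part of the original mail and not kernel code: a shell check an administrator can run to see whether a TPM is currently registered as a hardware RNG source, which is the registration tpm_add_hwrng() performs. It assumes the hw_random sysfs directory and the "tpm-rng-<N>" device name, and it cannot tell a firmware TPM from a discrete one, which is the open question in the mail.

```shell
#!/bin/sh
# Added example: report whether a TPM is registered with, or currently
# selected by, the kernel hw_random core.
# Assumptions: the sysfs directory below and the "tpm-rng-<N>" name prefix.

# tpm_hwrng_status [SYSFS_DIR]
#   prints: current:<name> | available:<name> | absent | no-hwrng-core
#   exit status: 1 if a TPM hwrng is registered, 0 otherwise
tpm_hwrng_status() {
    dir="${1:-/sys/class/misc/hw_random}"
    if [ ! -r "$dir/rng_available" ]; then
        echo "no-hwrng-core"
        return 0
    fi
    # rng_current names the source the hw_random core is reading from.
    current=$(cat "$dir/rng_current" 2>/dev/null || true)
    case "$current" in
        tpm-rng-*) echo "current:$current"; return 1 ;;
    esac
    # rng_available is a space-separated list of every registered source.
    for name in $(cat "$dir/rng_available"); do
        case "$name" in
            tpm-rng-*) echo "available:$name"; return 1 ;;
        esac
    done
    echo "absent"
    return 0
}

# Constructed sample: a fake sysfs tree, so the check runs on any machine.
demo_dir=$(mktemp -d)
printf 'tpm-rng-0 virtio_rng.0\n' > "$demo_dir/rng_available"
printf 'tpm-rng-0\n' > "$demo_dir/rng_current"
echo "constructed sample: $(tpm_hwrng_status "$demo_dir")"
echo "this host:          $(tpm_hwrng_status)"
rm -rf "$demo_dir"
```

A non-zero exit status means a TPM-backed source is registered; whether that TPM is firmware or discrete has to be established separately.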