From: Linus Torvalds
Date: Mon, 31 Jul 2023 12:30:56 -0700
Subject: Re: [PATCH 1/1] tpm: disable hwrng for fTPM on some AMD designs
To: "Limonciello, Mario"
Cc: Jarkko Sakkinen, Daniil Stas, James.Bottomley@hansenpartnership.com, Jason@zx2c4.com, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, regressions@leemhuis.info, stable@vger.kernel.org
In-Reply-To: <105b9d13-cedd-7d3c-1f29-2c65199f1de7@amd.com>
References: <20230727183805.69c36d6e@g14> <20230727193949.55c18805@g14> <65a1c307-826d-4ca3-0336-07a185684e5d@amd.com> <20230727195019.41abb48d@g14> <67eefe98-e6df-e152-3169-44329e22478d@amd.com> <20230727200527.4080c595@g14> <105b9d13-cedd-7d3c-1f29-2c65199f1de7@amd.com>
List-ID: linux-kernel@vger.kernel.org

On Mon, 31 Jul 2023 at 12:18, Limonciello, Mario wrote:
>
> > Is there some way to just see "this is a fTPM"?
>
> How many fTPM implementations are there? We're talking like less than 5
> right? Maybe just check against a static list when
> calling tpm_add_hwrng().

Sounds sane. But I was hoping for some direct way to just query "are you a
firmware SMI hook, or real hardware".

It would be lovely to avoid the list, because maybe AMD does - or in the
past have done - discrete TPM hardware? So it might not be as easy as just
checking against the manufacturer..

That said, maybe it really doesn't matter. I'm perfectly fine with just the
"check for AMD as a manufacturer" too.

In fact, I'd be perfectly happy with not using the TPM for run-time
randomness at all, and purely doing it for the bootup entropy, which is
where I feel it matters a lot more.

> I've had some discussions today with a variety of people on this problem
> and there is no advantage to get RNG through the fTPM over RDRAND.

Ack. And that's true even if you _trust_ the fTPM.

That said, I see no real downside to using the TPM (whether firmware or
discrete) to just add to the boot-time "we'll gather entropy for our random
number generator from any source".

So it's purely the runtime randomness where I feel that the upside just
isn't there, and the downsides are real.

Linus
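The thread is about whether a TPM should be registered as a kernel hwrng source at all. An administrator who wants to know whether a given machine is affected can check the hwrng core's sysfs files: `rng_available` lists every registered source and `rng_current` names the one the kernel actually reads from; TPM sources are registered under the name `tpm-rng-N`. The check below is an added example, not code from the thread or from the kernel; it takes the sysfs root as a parameter so it can run against the live `/sys` tree or against a constructed snapshot.

```shell
#!/bin/sh
# Added example: report whether the kernel hwrng core draws runtime
# randomness from a TPM ("tpm-rng-N"), merely lists one as available,
# or has no TPM rng registered at all.
#
# Exit codes: 0 = a TPM is the current hwrng source
#             1 = a TPM rng is registered but not the current source
#             2 = no TPM rng is registered
#             3 = hw_random sysfs files are absent (no hwrng core / no sources)
tpm_hwrng_status() {
    root="${1:-/sys}"                       # sysfs root; /sys on a live system
    hwr="$root/class/misc/hw_random"
    [ -r "$hwr/rng_available" ] || return 3
    available=$(cat "$hwr/rng_available" || true)   # space-separated names
    current=$(cat "$hwr/rng_current" 2>/dev/null || true)
    # Is any tpm-rng-N source registered?
    case " $available " in
        *" tpm-rng-"*) ;;
        *) return 2 ;;
    esac
    # Is the TPM the source the kernel actually reads from?
    case "$current" in
        tpm-rng-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Human-readable wrapper around the exit codes above.
tpm_hwrng_report() {
    rc=0
    tpm_hwrng_status "$1" || rc=$?
    case "$rc" in
        0) echo "TPM is the current hwrng source (runtime randomness comes from the TPM)" ;;
        1) echo "TPM rng registered but another source is current" ;;
        2) echo "no TPM rng registered with the hwrng core" ;;
        3) echo "hw_random sysfs files not present" ;;
    esac
    return "$rc"
}
```

Run `tpm_hwrng_report` with no argument on a live system; the exit code mirrors the status so the check can be scripted.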