Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp1232170ybp; Fri, 4 Oct 2019 11:25:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqxl2lCVg1yr2ZOvc7GYvy3hGTi1nkYQpY+VRiaaf7dqpoa8u9zgK/pOexx0+yPE+XOV33tU X-Received: by 2002:a17:906:95cf:: with SMTP id n15mr13682286ejy.183.1570213532929; Fri, 04 Oct 2019 11:25:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570213532; cv=none; d=google.com; s=arc-20160816; b=aomtIXdu6AcheZ3T98io9SYRGnSwQJ6CRuUsODX+qS+/DHhJ02d/+dA/OwNB/MmWtX bgKSpKV3oZhgoG1K10FusfnYBFJBLZTFvdCvv9oo2JNE7NNt1LgmWsH+1fnxSSy6N9Em X15Atk4NkixAH9GsrWmPs2ABKWZq0bOLoawWeJ25YaibAUjGk2fB7ruV5guZhTqgY/si NoupzYvfViaQeVAkoDLtoD8gI7hi6CuEjbvsZqd1iK+QEniSwFMVcXtpu6TE8/Qo8Vy7 sHAKNud37lO/YzD1Ey17AkgMO3dkT1zcJpkb9mlwr5MGQRmNcoKCDsBp96+0NMI8Cz69 FoTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:date:cc:to:from:subject:message-id :dkim-signature:dkim-signature; bh=GCKMRTBOIKuEEFKthWMHdBvYh1QNik0pOF9xdw1kegQ=; b=QwrNu1uxvPJ5OWUQe8/DPM249j6OEY15dLuor0ByjFEljBPZBcfEfuoHIWM/bqZqaH 1Vy/XXLJ1Q9bhA2SFGsMtWx+VRc7tminMeBr/CLiWDhbmIC6M5GJsmi69O7nvuZFRjAN nOLYlpduL0rmvo7Lgd4sEOK7bFjPBZiatT4U4QePA0ix32jy/uFN9/+/6/I82egff7Dt plL2ywXvo/boQJAYqW0hEGJqMAP5+8fcG8VwMDWQbgoliyIvPH+5fWfPWNI3nyXU1tFS QqCn1gkZA3sIrOVWOJoDHb8J+hFSIw+gxUy5Nm8qM9YM6cuX+QIZfTn5b2j6lrRnpcir fQcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=QcXELgzH; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=QcXELgzH; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r24si3867432edy.417.2019.10.04.11.25.08; Fri, 04 Oct 2019 11:25:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=QcXELgzH; dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=QcXELgzH; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728663AbfJDSYy (ORCPT + 99 others); Fri, 4 Oct 2019 14:24:54 -0400 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:60076 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726119AbfJDSYy (ORCPT ); Fri, 4 Oct 2019 14:24:54 -0400 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id B22188EE21D; Fri, 4 Oct 2019 11:24:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1570213493; bh=/VB1bb02VRoGzsxa3bQ2KZhbDSoDn6Srll/+xl5neA8=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=QcXELgzHbk38MyKmJ6CtAsd+RrsfxQsYoxaYYaiGAvEXNHX7vDfuKK9RbSb82MRhU Ld66foaw2tNyHkfz4xWbnTi6D3ivYtfpPLMxoQzsY0M1FQ7ngNmgG2OLjUQk8DHOYG cZy6la9E0CPJekL76C2pgcPgDqDTLV2YK/EMqccM= Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 36MTGzdnQWFj; Fri, 4 Oct 2019 11:24:53 -0700 (PDT) Received: from jarvis.lan (unknown [50.35.76.230]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id F30AD8EE0EE; Fri, 4 Oct 2019 11:24:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1570213493; bh=/VB1bb02VRoGzsxa3bQ2KZhbDSoDn6Srll/+xl5neA8=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=QcXELgzHbk38MyKmJ6CtAsd+RrsfxQsYoxaYYaiGAvEXNHX7vDfuKK9RbSb82MRhU Ld66foaw2tNyHkfz4xWbnTi6D3ivYtfpPLMxoQzsY0M1FQ7ngNmgG2OLjUQk8DHOYG cZy6la9E0CPJekL76C2pgcPgDqDTLV2YK/EMqccM= Message-ID: <1570213491.3563.27.camel@HansenPartnership.com> Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes() From: James Bottomley To: Jarkko Sakkinen Cc: Mimi Zohar , David Safford , linux-integrity@vger.kernel.org, stable@vger.kernel.org, David Howells , Herbert Xu , "David S. Miller" , "open list:ASYMMETRIC KEYS" , "open list:CRYPTO API" , open list Date: Fri, 04 Oct 2019 11:24:51 -0700 In-Reply-To: <20191004182216.GB6945@linux.intel.com> References: <20190926171601.30404-1-jarkko.sakkinen@linux.intel.com> <1570024819.4999.119.camel@linux.ibm.com> <20191003114119.GF8933@linux.intel.com> <1570107752.4421.183.camel@linux.ibm.com> <20191003175854.GB19679@linux.intel.com> <1570128827.5046.19.camel@linux.ibm.com> <20191003215125.GA30511@linux.intel.com> <20191003215743.GB30511@linux.intel.com> <1570140491.5046.33.camel@linux.ibm.com> <1570147177.10818.11.camel@HansenPartnership.com> <20191004182216.GB6945@linux.intel.com> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.26.6 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, 2019-10-04 at 21:22 +0300, Jarkko Sakkinen wrote: > On Thu, Oct 03, 2019 at 04:59:37PM -0700, James Bottomley wrote: > > I think the principle of using multiple RNG sources for strong keys > > is a sound one, so could I propose a compromise: We have a tpm > > subsystem random number generator that, when asked for random > > bytes first extracts bytes from the TPM RNG and places it into > > the kernel entropy pool and then asks for random bytes from the > > kernel RNG? That way, it will always have the entropy to satisfy > > the request and in the worst case, where the kernel has picked up > > no other entropy sources at all it will be equivalent to what we > > have now (single entropy source) but usually it will be a much > > better mixed entropy source. > > I think we should rely the existing architecture where TPM is > contributing to the entropy pool as hwrng. That doesn't seem to work: when I trace what happens I see us inject 32 bytes of entropy at boot time, but never again. I think the problem is the kernel entropy pool is push not pull and we have no triggering event in the TPM to get us to push. I suppose we could set a timer to do this or perhaps there is a pull hook and we haven't wired it up correctly? James