Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated

From: Jarkko Sakkinen
Date: Tue Jul 09 2019 - 12:25:07 EST

On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> Not a criticism of your patch, but can we please stop doing this.
> Single random number sources are horrendously bad practice because it
> gives an attacker a single target to subvert. We should ensure the TPM
> is plugged into the kernel RNG as a source and then take randomness
> from the mixed pool so it's harder for an attacker because they have to
> subvert all our sources to predict what came out.

It is and I agree.