Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated

From: Jarkko Sakkinen
Date: Tue Jul 09 2019 - 12:25:07 EST

Next message: Abdul Haleem: "[linux-next][P9]Build error at drivers/gpu/drm/amd/amdgpu/amdgpu_mn.h:69 error: field mirror has incomplete type"
Previous message: Nicolas.Ferre: "Re: [PATCH] drm/atmel-hlcdc: set layer REP bit to enable replication logic"
In reply to: James Bottomley: "Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated"
Next in thread: Mimi Zohar: "Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> Not a criticism of your patch, but can we please stop doing this.
> Single random number sources are horrendously bad practice because it
> gives an attacker a single target to subvert. We should ensure the TPM
> is plugged into the kernel RNG as a source and then take randomness
> from the mixed pool so it's harder for an attacker because they have to
> subvert all our sources to predict what came out.

It is and I agree.

/Jarkko

Next message: Abdul Haleem: "[linux-next][P9]Build error at drivers/gpu/drm/amd/amdgpu/amdgpu_mn.h:69 error: field mirror has incomplete type"
Previous message: Nicolas.Ferre: "Re: [PATCH] drm/atmel-hlcdc: set layer REP bit to enable replication logic"
In reply to: James Bottomley: "Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated"
Next in thread: Mimi Zohar: "Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]