Re: [PATCH v2] KEYS: trusted: Use get_random-fallback for TPM

Next message: Jarkko Sakkinen: "[PATCH v3] KEYS: trusted: Use get_random-fallback for TPM"
Previous message: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use get_random-fallback for TPM"
In reply to: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use get_random-fallback for TPM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jarkko Sakkinen

Date: Mon Dec 15 2025 - 18:25:10 EST

On Tue, Dec 16, 2025 at 01:14:38AM +0200, Jarkko Sakkinen wrote:
> 1. tpm2_get_random() is costly when TCG_TPM2_HMAC is enabled and thus its
> use should be pooled rather than directly used. This both reduces
> latency and improves its predictability.
>
> 2. Linux is better off overall if every subsystem uses the same source for
> generating the random numbers required.
>
> Thus, unset '.get_random', which causes fallback to kernel_get_random().
>
> One might argue that TPM RNG should be used so that generated trusted keys
> have the matching entropy with the TPM internally generated objects.
>
> This argument does some weight into it but as far cryptography goes, FIPS
> certification sets the exact bar, not which exact FIPS certified RNG will
> be used. Thus, the rational choice is obviously to pick the lowest latency
> path.
>
> Finally, there also some actual defence in depth benefits on using kernel
> RNG. E.g., it helps to mitigate TPM firmware bugs concerning RNG
> implementation, which do happen in the wild occasionally.
>
> Reviewed-by: Eric Biggers <ebiggers@xxxxxxxxxx>
> Signed-off-by: Jarkko Sakkinen <jarkko@xxxxxxxxxx>

I noticed also some typos in the commit message.

I think I will also supplement this with a patch that unexports
tpm_get_random(), as the patch zeros the external call sites.

Full encapsulation to the driver is exactly should aim for in order to
make hwrng easier target for further optimizations.

BR, Jarkko