Re: [PATCH v9 01/11] KEYS: trusted: Use get_random-fallback for TPM
From: Jarkko Sakkinen
Date: Tue Mar 03 2026 - 16:32:41 EST

On Fri, Feb 20, 2026 at 01:04:30PM -0500, Mimi Zohar wrote:
> [Cc: Chris Fenner, Jonathan McDowell, Roberto]
>
> On Sun, 2026-01-25 at 21:25 +0200, Jarkko Sakkinen wrote:
> > 1. tpm2_get_random() is costly when TCG_TPM2_HMAC is enabled and thus its
> > use should be pooled rather than directly used. This both reduces
> > latency and improves its predictability.
>
> If the concern is the latency of encrypting the bus session, please remember
> that:
>
> - Not all environments expose the TPM bus to sniffing.
> - The current TPM trusted keys design is based on TPM RNG, but already allows it
> to be replaced with the kernel RNG via the "trusted_rng=kernel" boot command
> line option.
> - The proposed patch removes that possibility for no reason.
>
> Mimi & Elaine

I'm keeping this patch set in the queue branch, possibly picking patches to
some other patch set or they are available for picking to other patch
sets.

BR, Jarkko