Thread: 26 messages, 6 authors, 2017-10-26

Re: [PATCH] tpm: remove chip_num parameter from in-kernel API

From: Peter Huewe <hidden>
Date: 2017-10-24 18:42:28
Also in: keyrings, linux-integrity, linux-security-module, lkml


On 24 October 2017 20:15:12 CEST, Jarkko Sakkinen [off-list ref] wrote:
On Tue, Oct 24, 2017 at 10:02:00AM -0700, Dmitry Torokhov wrote:
On Tue, Oct 24, 2017 at 9:11 AM, Jason Gunthorpe [off-list ref] wrote:
On Tue, Oct 24, 2017 at 09:37:33PM +0530, PrasannaKumar Muralidharan wrote:
Hi Jason,

On 24 October 2017 at 21:25, Jason Gunthorpe [off-list ref] wrote:
On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
Please check the RFC [1]. It does use chip id. The RFC has issues and
has to be fixed but still there could be users of the API.

1. https://www.spinics.net/lists/linux-crypto/msg28282.html

That patch isn't safe at all. You need to store a kref to the chip in
the hwrng, not parse a string.

The drivers/char/hw_random/tpm-rng.c module does not store the chip
reference so I guess the usage is safe.

It is using the default TPM, it is always safe to use the default tpm.

tpm-rng is an abomination that should be kicked out as soon as possible.
It wreaks havoc with the power management (TPM chip drivers may go
into suspend state, but tpm_rng does not do any power management and
happily forwards requests to suspended hardware) and may be available
when there is no TPM at all yet (the drivers have not been probed yet,
or have gotten a deferral, etc).

TPM core should register HWRNGs when chips are ready.

Thanks.

-- 
Dmitry
I'm fine to review a two patch set where:

1. Patch 1 removes the existing TPM rng driver
2. Patch 2 makes the TPM driver as rng producer
Yes, but tpm must be kept a hwrng source.
This is imho an important use case.
Unrelated to the patch that I'm proposing now but this sounds sensible.

/Jarkko
-- 
Sent from my mobile
