Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated

[PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Roberto Sassu <roberto.sassu@huawei.com> · 2019-07-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Tyler Hicks <hidden> · 2019-07-08
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · James Bottomley <hidden> · 2019-07-08
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Jarkko Sakkinen <hidden> · 2019-07-09
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Mimi Zohar <zohar@linux.ibm.com> · 2019-07-09
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Tyler Hicks <hidden> · 2019-08-02
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Jarkko Sakkinen <hidden> · 2019-07-11
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Roberto Sassu <roberto.sassu@huawei.com> · 2019-07-15
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Jarkko Sakkinen <hidden> · 2019-08-01
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Roberto Sassu <roberto.sassu@huawei.com> · 2019-08-02
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Tyler Hicks <hidden> · 2019-08-02
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Jarkko Sakkinen <hidden> · 2019-08-02
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Tyler Hicks <hidden> · 2019-08-02
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Tyler Hicks <hidden> · 2019-08-02
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Jarkko Sakkinen <hidden> · 2019-08-03
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Mimi Zohar <zohar@kernel.org> · 2019-08-04
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Roberto Sassu <roberto.sassu@huawei.com> · 2019-08-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Mimi Zohar <zohar@linux.ibm.com> · 2019-08-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Roberto Sassu <roberto.sassu@huawei.com> · 2019-08-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Tyler Hicks <hidden> · 2019-08-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Roberto Sassu <roberto.sassu@huawei.com> · 2019-08-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Tyler Hicks <hidden> · 2019-08-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Jarkko Sakkinen <hidden> · 2019-08-05
Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated · Jarkko Sakkinen <hidden> · 2019-08-02

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2019-07-09 16:32:08
Also in: keyrings, linux-integrity, lkml

On Tue, 2019-07-09 at 19:24 +0300, Jarkko Sakkinen wrote:

On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:

quoted

Not a criticism of your patch, but can we please stop doing this. 
Single random number sources are horrendously bad practice because it
gives an attacker a single target to subvert.  We should ensure the TPM
is plugged into the kernel RNG as a source and then take randomness
from the mixed pool so it's harder for an attacker because they have to
subvert all our sources to predict what came out.

It is and I agree.

I still haven't quite figured out why the digests need to be
initialized to anything other than 0.

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help