On Mon, 2025-10-06 at 17:12 +0300, Jarkko Sakkinen wrote: > 2. Null seed was extremely bad idea. The way I'm planning to actually > fix this is to parametrize the primary key to a persistent key > handle > stored into nvram of the chip instead of genration. This will > address > also ambiguity and can be linked directly to vendor ceritifcate > for e.g. to perfom remote attesttion.
Just a minute, there's been no discussion or debate about this on the list. The rationale for using the NULL seed is clearly laid out here: https://docs.kernel.org/security/tpm/tpm-security.html But in brief it is the only way to detect reset attacks against the TPM and a reset attack is the single simplest attack an interposer can do. If you think there's a problem with the approach, by all means let's have a debate, since TPM security is always a trade off, but you can't simply come to your own opinion and try to impose it by fiat without at least raising whatever issue you think you've found with the parties who contributed the code in the first place. Regards, James
