On Mon, Dec 15, 2025 at 09:01:49PM +0100, James Bottomley wrote: > On Mon, 2025-12-15 at 21:43 +0200, Jarkko Sakkinen wrote: > [...] > > I think there is misunderstanding with FIPS. > > > > Having FIPS certificated RNG in TPM matters but it only matters only > > in the sense that callers can be FIPS certified as they use that RNG > > as a source. > > > > Using FIPS certified RNG does not magically make callers be FIPS > > ceritified actors. The data is contaminated in that sense at the > > point when kernel acquires it. > > I think FIPS certification is a red herring. The point being made in > the original thread is about RNG quality. The argument essentially > being that the quality of the TPM RNG is known at all points in time > but the quality of the kernel RNG (particularly at start of day when > the entropy pool is new) is less certain.
OK, that's fair point. I.e., using TPM2_GetRandom here makes sense, not because of FIPS certification per se but because it is guarantees matching entropy to other types of keys generated with TPM2_Create (as everything uses the same RNG). I can buy this but think it would really make sense to add a comment to the source code. I was thinking something along the lines of: /* * tpm_get_random() is used here directly instead of relying kernel's * RNG in order to match RNGs with objects generated by TPM internally. */ It does not mention FIPS explicitly because I think this is already enforcing condition and thus enough. And e.g., applies also when one uses an emulator (and thus useful tidbit for that use and purpose). > > Regards, > > James > BR, Jarkko
