On Tue, Dec 16, 2025 at 01:14:38AM +0200, Jarkko Sakkinen wrote: > 1. tpm2_get_random() is costly when TCG_TPM2_HMAC is enabled and thus its > use should be pooled rather than directly used. This both reduces > latency and improves its predictability. > > 2. Linux is better off overall if every subsystem uses the same source for > generating the random numbers required. > > Thus, unset '.get_random', which causes fallback to kernel_get_random(). > > One might argue that TPM RNG should be used so that generated trusted keys > have the matching entropy with the TPM internally generated objects. > > This argument does some weight into it but as far cryptography goes, FIPS > certification sets the exact bar, not which exact FIPS certified RNG will > be used. Thus, the rational choice is obviously to pick the lowest latency > path. > > Finally, there also some actual defence in depth benefits on using kernel > RNG. E.g., it helps to mitigate TPM firmware bugs concerning RNG > implementation, which do happen in the wild occasionally. > > Reviewed-by: Eric Biggers <[email protected]> > Signed-off-by: Jarkko Sakkinen <[email protected]>
I noticed also some typos in the commit message. I think I will also supplement this with a patch that unexports tpm_get_random(), as the patch zeros the external call sites. Full encapsulation to the driver is exactly should aim for in order to make hwrng easier target for further optimizations. BR, Jarkko
