On Sun, 2019-03-03 at 18:59 +0100, Kurt Roeckx wrote: [...] > Most people will actually have at least 2 hardware RNGs: One in > the CPU and one in the TPM. We can make the kernel trust those as > entropy source without using something in userspace to feed it. > I'm not sure in the kernel has the option to use the TPM directly > as source, but it makes it available as /dev/hwrng. [...]
If there is at least one hardware RNG with a non-zero "quality" then the kernel will start a thread (khwrngd) that reads from the hardware RNG and adds those bits to the core RNG, crediting each bit with quality/1024 bits of entropy. Most hardware RNG drivers don't specify quality and it defaults to zero, but this can be overridden by setting the module parameter rng-core.default_quality. Perhaps we should set a low but non-zero default value? There are potential problems with doing this: some of these hardware RNGs are probably quite weak, so we have to be very conservative, but then the less entropy we credit the more CPU time will be spent in the hardware RNG reader thread. Ben. -- Ben Hutchings No political challenge can be met by shopping. - George Monbiot
signature.asc
Description: This is a digitally signed message part
