[Cc: Chris Fenner, Jonathan McDowell, Roberto] On Sun, 2026-01-25 at 21:25 +0200, Jarkko Sakkinen wrote: > 1. tpm2_get_random() is costly when TCG_TPM2_HMAC is enabled and thus its > use should be pooled rather than directly used. This both reduces > latency and improves its predictability.
If the concern is the latency of encrypting the bus session, please remember that: - Not all environments expose the TPM bus to sniffing. - The current TPM trusted keys design is based on TPM RNG, but already allows it to be replaced with the kernel RNG via the "trusted_rng=kernel" boot command line option. - The proposed patch removes that possibility for no reason. Mimi & Elaine
