[sorry, hit send by mistake...] On Sunday, December 28, 2014, Gustavo De Nardin (spuk) <gustavodn@gmail.com> wrote:
FWIW, I don't think just by enabling
On Wednesday, December 24, 2014, Javier Vasquez <j.e.vasquez.v@gmail.com <javascript:_e(%7B%7D,'cvml','j.e.vasquez.v@gmail.com');>> wrote:
On Wed, Dec 24, 2014 at 3:03 PM, Daniel Micay <danielmicay@gmail.com> wrote:
Ivy Bridge and later have an RDRAND instruction exposing a hardware random number generator so there's no need for any TPM stuff. RDSEED will be provided by Broadwell and later for lower-level access to the hardware entropy rather than via a CSPRNG. It's already leveraged by the kernel and libraries like the C++ <random> implementation in libstdc++.
Great to know. Perhaps there will be no need for rng-tools neither haveged for those processors, :-)
Bad thing my i5/i7 processors are still sandy bridge. So whether I use tpm-rng (rng-tools doesn't read it, so no luck), or I use haveged, or nothing, :-)
Thanks for answering.
-- Javier
FWIW, I don't think just by enabling the TPM you have any risk of "being monitored". AFAIK the TPM just provides some trust/crypto-related functions for the use of the OS and/or applications. t'
-- (nil)
-- (nil)