[sorry, hit send by mistake...]
On Sunday, December 28, 2014, Gustavo De Nardin (spuk) email@example.com wrote:
FWIW, I don't think just by enabling
On Wed, Dec 24, 2014 at 3:03 PM, Daniel Micay firstname.lastname@example.org wrote:
Ivy Bridge and later have an RDRAND instruction exposing a hardware random number generator so there's no need for any TPM stuff. RDSEED will be provided by Broadwell and later for lower-level access to the hardware entropy rather than via a CSPRNG. It's already leveraged by the kernel and libraries like the C++ <random> implementation in libstdc++.
Great to know. Perhaps there will be no need for either rng-tools or haveged for those processors, :-)
Too bad my i5/i7 processors are still Sandy Bridge. So whether I use tpm-rng (rng-tools doesn't read it, so no luck), or I use haveged, or nothing, :-)
Thanks for answering.
FWIW, I don't think just by enabling the TPM you have any risk of "being monitored". AFAIK the TPM just provides some trust/crypto-related functions for the use of the OS and/or applications.
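
Whether a given CPU has the RDRAND/RDSEED instructions discussed in this thread can be checked from user space. The following is an added example, not part of any of the messages above: it reads the CPUID feature bits and draws one RDRAND word with the carry-flag retry the instruction requires. The helper names (`probe_hwrng`, `hw_random_word`) are hypothetical, the bit positions are those documented in the Intel SDM, and a GCC or Clang toolchain is assumed.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#else
#define ON_X86 0
#endif

/* Feature bits per the Intel SDM:
 * RDRAND = CPUID.01H:ECX[30], RDSEED = CPUID.(EAX=07H,ECX=0):EBX[18]. */
static int ecx_has_rdrand(unsigned ecx) { return (ecx >> 30) & 1u; }
static int ebx_has_rdseed(unsigned ebx) { return (ebx >> 18) & 1u; }

struct hwrng { int rdrand, rdseed; };   /* hypothetical helper type */

/* Ask the running CPU; both fields stay 0 on non-x86 builds. */
static struct hwrng probe_hwrng(void) {
    struct hwrng r = {0, 0};
#if ON_X86
    unsigned a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) r.rdrand = ecx_has_rdrand(c);
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) r.rdseed = ebx_has_rdseed(b);
#endif
    return r;
}

/* RDRAND reports success in the carry flag and may transiently fail,
 * so retry a bounded number of times. Returns 1 and fills *out on success,
 * 0 if the instruction is absent or never succeeded. */
static int hw_random_word(unsigned long *out, int tries) {
    if (!probe_hwrng().rdrand) return 0;   /* avoid #UD on older CPUs */
#if ON_X86
    while (tries-- > 0) {
        unsigned long v; unsigned char ok;
        __asm__ volatile("rdrand %0; setc %1" : "=r"(v), "=qm"(ok) : : "cc");
        if (ok) { *out = v; return 1; }
    }
#endif
    return 0;
}

int main(void) {
    struct hwrng h = probe_hwrng();
    unsigned long v = 0;
    printf("rdrand=%d rdseed=%d\n", h.rdrand, h.rdseed);
    if (hw_random_word(&v, 10)) printf("sample word: %lx\n", v);
    else puts("no usable RDRAND on this CPU");
    return 0;
}
```

On a CPU without the instruction, such as the Sandy Bridge parts mentioned above, both flags print as 0 and no RDRAND is attempted.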