On 24/12/14 02:45 PM, Javier Vasquez wrote:
Hi,
Seems like on i5 and i7 chips the way to get random numbers through HW is to use tpm-rng (intel-rng is no longer available for them). And by reading [1] it seems like a pretty good idea.
However, I have no intention to use tpm at all, nor do I want any possibility of anyone monitoring my machine, which is one of the possible use cases with tpm.
Does one, just by using tpm to feed entropy, open any door on linux for any other tpm functionality? Or is it totally safe to use tpm-rng?
Thanks,
Ivy Bridge and later have an RDRAND instruction exposing a hardware random number generator so there's no need for any TPM stuff. RDSEED will be provided by Broadwell and later for lower-level access to the hardware entropy rather than via a CSPRNG. It's already leveraged by the kernel and libraries like the C++ <random> implementation in libstdc++.
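
To see which of the sources discussed in this thread a given Linux host actually exposes, the following added example (not part of either message) reads the CPU flags for `rdrand`/`rdseed` and the kernel's hw_random sysfs files to tell whether a `tpm-rng` device is the selected hardware RNG. The function names and sample strings are constructed for illustration.

```python
"""Report which hardware RNG sources a Linux host exposes (added example)."""
from pathlib import Path

HWRNG_DIR = Path("/sys/class/misc/hw_random")  # kernel hw_random sysfs node


def cpu_rng_flags(cpuinfo_text):
    """Return the subset of {'rdrand', 'rdseed'} listed in /proc/cpuinfo flags."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return {"rdrand", "rdseed"} & set(value.split())
    return set()


def summarize(cpuinfo_text, rng_available, rng_current):
    """Combine CPU flags with the hw_random device list into one report."""
    flags = cpu_rng_flags(cpuinfo_text)
    current = rng_current.strip()
    if current in ("", "none"):  # no hw_random device selected
        current = None
    return {
        "rdrand": "rdrand" in flags,
        "rdseed": "rdseed" in flags,
        "hwrng_available": rng_available.split(),
        "hwrng_current": current,
        "tpm_is_current": bool(current and current.startswith("tpm-rng")),
    }


def read_or_empty(path):
    """Read a file, returning '' when it is missing or unreadable."""
    try:
        return Path(path).read_text()
    except OSError:
        return ""


# Constructed sample input (not captured from a real machine).
SAMPLE_CPUINFO = "processor\t: 0\nmodel name\t: Example CPU\nflags\t\t: fpu sse4_2 aes rdrand\n"
SAMPLE_AVAILABLE = "tpm-rng-0\n"
SAMPLE_CURRENT = "tpm-rng-0\n"

if __name__ == "__main__":
    print("sample:", summarize(SAMPLE_CPUINFO, SAMPLE_AVAILABLE, SAMPLE_CURRENT))
    print("live:  ", summarize(read_or_empty("/proc/cpuinfo"),
                               read_or_empty(HWRNG_DIR / "rng_available"),
                               read_or_empty(HWRNG_DIR / "rng_current")))
```
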