[arch-general] [arch-gen] does using tmp-rng enables tpm at all?

Daniel Micay danielmicay at gmail.com
Wed Dec 24 21:03:00 UTC 2014


On 24/12/14 02:45 PM, Javier Vasquez wrote:
> Hi,
> 
> Seems like on i5 and i7 chips the way to get random numbers through HW
> is to use tpm-rng (intel-rng is no longer available for them).  And by
> reading [1] seems like a pretty good idea.
> 
> However I have no intention to use tpm at all, nor do I want any
> possibility of anyone monitoring my machine, which is one of the
> possible use cases with tpm.
> 
> Does one, just by using tpm to feed entropy, open any door on linux
> for any other tpm functionality?  Or is it totally safe to use
> tpm-rng?
> 
> Thanks,

Ivy Bridge and later have an RDRAND instruction exposing a hardware
random number generator so there's no need for any TPM stuff. RDSEED
will be provided by Broadwell and later for lower-level access to the
hardware entropy rather than via a CSPRNG. It's already leveraged by the
kernel and libraries like the C++ <random> implementation in libstdc++.
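
Added example, not part of the original message: a C sketch that checks whether the running CPU advertises the RDRAND and RDSEED instructions mentioned above, and reads one RDRAND value with the retry loop the instruction requires. The function names are illustrative, and the CPUID bit positions (leaf 1 ECX bit 30, leaf 7 EBX bit 18) come from Intel's documented feature flags, not from the thread.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define ON_X86 1
#else
#define ON_X86 0
#endif

/* CPUID.01H:ECX bit 30 advertises RDRAND. */
static int has_rdrand(uint32_t leaf1_ecx) { return (leaf1_ecx >> 30) & 1; }
/* CPUID.(EAX=07H,ECX=0):EBX bit 18 advertises RDSEED. */
static int has_rdseed(uint32_t leaf7_ebx) { return (leaf7_ebx >> 18) & 1; }

/* Read both feature registers from the running CPU (zeros if not x86). */
static void query_cpu(uint32_t *leaf1_ecx, uint32_t *leaf7_ebx) {
    *leaf1_ecx = 0;
    *leaf7_ebx = 0;
#if ON_X86
    unsigned int a, b, c, d;
    if (__get_cpuid(1, &a, &b, &c, &d)) *leaf1_ecx = c;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) *leaf7_ebx = b;
#endif
}

/* RDRAND reports success in CF and may transiently fail, so retry
   (Intel's guidance is up to 10 attempts). Returns 1 on success. */
static int rdrand32(uint32_t *out) {
#if ON_X86
    for (int i = 0; i < 10; i++) {
        unsigned char ok;
        __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
        if (ok) return 1;
    }
#endif
    (void)out;
    return 0;
}

int main(void) {
    uint32_t ecx, ebx, v;
    query_cpu(&ecx, &ebx);
    printf("rdrand=%d rdseed=%d\n", has_rdrand(ecx), has_rdseed(ebx));
    if (has_rdrand(ecx) && rdrand32(&v))
        printf("sample: 0x%08x\n", (unsigned)v);
    return 0;
}
```

On Linux the same flags appear as `rdrand` and `rdseed` in the `flags` line of `/proc/cpuinfo`.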
