[arch-general] [arch-gen] does using tmp-rng enables tpm at all?

Gustavo De Nardin (spuk) gustavodn at gmail.com
Sun Dec 28 02:16:30 UTC 2014


[sorry, hit send by mistake...]

On Sunday, December 28, 2014, Gustavo De Nardin (spuk) <gustavodn at gmail.com>
wrote:

> FWIW, I don't think just by enabling
>
> On Wednesday, December 24, 2014, Javier Vasquez <j.e.vasquez.v at gmail.com>
> wrote:
>
>> > On Wed, Dec 24, 2014 at 3:03 PM, Daniel Micay <danielmicay at gmail.com>
>> wrote:
>> >
>> > Ivy Bridge and later have an RDRAND instruction exposing a hardware
>> > random number generator so there's no need for any TPM stuff. RDSEED
>> > will be provided by Broadwell and later for lower-level access to the
>> > hardware entropy rather than via a CSPRNG. It's already leveraged by the
>> > kernel and libraries like the C++ <random> implementation in libstdc++.
>>
>> Great to know.  Perhaps there will be no need for rng-tools nor
>> haveged for those processors, :-)
>>
>> Bad thing my i5/i7 processors are still Sandy Bridge.  So whether I
>> use tpm-rng (rng-tools doesn't read it, so no luck), or I use haveged,
>> or nothing, :-)
>>
>> Thanks for answering.
>>
>>
>> --
>> Javier
>>
>
FWIW, I don't think just by enabling the TPM you have any risk of "being
monitored". AFAIK the TPM just provides some trust/crypto-related functions
for the use of the OS and/or applications.

t'


>
> --
> (nil)
>


-- 
(nil)
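
A way to check on a given Linux machine which of the entropy sources discussed in this thread are actually present, as an added example that is not part of the original messages. It assumes the standard /proc/cpuinfo and /sys/class/misc/hw_random interfaces; the function names and the CPUINFO/HWRNG_DIR overrides are hypothetical helpers.

```shell
#!/bin/sh
# Report whether the CPU advertises RDRAND/RDSEED and whether the kernel
# has a tpm-rng hardware RNG registered. Paths can be overridden so the
# functions can also be run against saved copies of the files.
CPUINFO=${CPUINFO:-/proc/cpuinfo}
HWRNG_DIR=${HWRNG_DIR:-/sys/class/misc/hw_random}

# cpu_has_flag FLAG: succeeds if the first "flags" line lists FLAG as a whole word.
cpu_has_flag() {
    awk -v want="$1" '
        /^flags[ \t]*:/ {
            for (i = 2; i <= NF; i++) if ($i == want) found = 1
            exit
        }
        END { exit (found ? 0 : 1) }
    ' "$CPUINFO" 2>/dev/null
}

# hwrng_lists PREFIX: succeeds if a registered hwrng device name starts with PREFIX.
hwrng_lists() {
    [ -r "$HWRNG_DIR/rng_available" ] || return 1
    for name in $(cat "$HWRNG_DIR/rng_available"); do
        case $name in "$1"*) return 0 ;; esac
    done
    return 1
}

# rng_report: one line per source, plus the device currently feeding /dev/hwrng.
rng_report() {
    for flag in rdrand rdseed; do
        if cpu_has_flag "$flag"; then echo "$flag: yes"; else echo "$flag: no"; fi
    done
    if hwrng_lists tpm-rng; then
        echo "tpm-rng: registered"
    else
        echo "tpm-rng: not registered"
    fi
    if [ -r "$HWRNG_DIR/rng_current" ]; then
        echo "rng_current: $(cat "$HWRNG_DIR/rng_current")"
    fi
}

rng_report
```

A "tpm-rng: registered" line only means the kernel module has exposed the TPM as a hwrng device; whether anything feeds it into the kernel pool depends on rng_current and on the daemon in use.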

