random: Add add_drbg_randomness to safely seed urandom from crypto hw

There has been a longstanding debate as to how devices such as TPMs
should be used to seed the kernel's RNG. Arguments in this debate
include:

- The TPM is untrustworthy and possibly malicious, so we shouldn't use
  it.
- The TPM almost certainly supplies no real entropy, so we shouldn't
  credit any entropy from it.

The upshot is that we don't use TPM-like devices at all as entropy
sources, unless CONFIG_HW_RANDOM_TPM is set, in which case we use it in
a way that looks rather wrong to me.

Let's resolve this problem by calling these devices what they are:
DRBGs, aka deterministic random bit generators. They may be broken,
they may be backdoored, they're probably deterministic, they arguably
shouldn't supply any entropy credits, but they're still valuable sources
of cryptographic data to mix into at least the urandom pool.

This adds add_drbg_randomness to allow these devices to safely seed
urandom.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
3 files changed