I have a patch that achieves this but needs to be reviewed.
Patch for review.
File Added: rngd_tpm_support.patch
Patch that achieves this.
Hello Jeff
Please review this patch. This patch uses the random number generator inside the TPM as an entropy source in addition to the already existing sources.
The ID of the patch is 2261605
http://sourceforge.net/tracker/?func=detail&aid=2261605&group_id=3242&atid=303242
regards,
sandeep.
Hello
Sorry, the URL to the patch is
http://sourceforge.net/tracker/?func=detail&aid=2261605&group_id=3242&atid=303242
https://sourceforge.net/tracker/?func=detail&aid=2882127&group_id=3242&atid=303242
is my cleaned up and tested version of Sandeep's patch. Please use this one instead.
One major flaw: it should default to not using the TPM. Right now it's the opposite: it defaults to using it.
I disagree. If the hardware is present, enabled by BIOS, and capable of being used for this purpose, it should by default do so. People with specific concerns may disable this capability in a number of ways, but it should not be incumbent on the average user, those with no concerns about using the TPM, to recognize that it is present and take extra steps to enable it.
The previous comment was mine. -Matt
Which device? /dev/tpm0, /dev/tpm1, /dev/tpm2... ?? It requires configuration anyway.
Currently it is /dev/tpm0. If /dev/tpm0 fails, we don't use the TPM. There is no configuration required.
I think you've just made my point clear: it needs configuration.
How many systems have you seen with multiple TPMs present? Personally, I've seen none.
Why do we still not have this cool functionality? Many systems ship with a TPM with a good fast RNG. These systems run out of entropy completely needlessly today.
I agree, we need accelerated crypto.
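The behaviour described in the thread (ask the TPM at /dev/tpm0 for random bytes, and skip the TPM if that fails) shown as an added example; this is not code from either patch. It assumes a TPM 1.2 chip and the raw TPM_GetRandom wire format, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

#define TPM_HDR_LEN 14  /* request size; also offset of the random bytes in a reply */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Build a TPM 1.2 TPM_GetRandom request for n bytes (hypothetical helper). */
void tpm_build_getrandom(uint8_t cmd[TPM_HDR_LEN], uint32_t n) {
    static const uint8_t hdr[10] = { 0x00, 0xC1,     /* TPM_TAG_RQU_COMMAND */
                                     0, 0, 0, 14,    /* paramSize */
                                     0, 0, 0, 0x46 };/* TPM_ORD_GetRandom */
    memcpy(cmd, hdr, sizeof hdr);
    cmd[10] = (uint8_t)(n >> 24); cmd[11] = (uint8_t)(n >> 16);
    cmd[12] = (uint8_t)(n >> 8);  cmd[13] = (uint8_t)n;
}

/* Validate a reply and copy out the random bytes. Returns bytes copied, or -1. */
int tpm_parse_getrandom(const uint8_t *rsp, size_t len, uint8_t *out, size_t want) {
    if (len < TPM_HDR_LEN) return -1;                  /* error replies are only 10 bytes */
    if (rsp[0] != 0x00 || rsp[1] != 0xC4) return -1;   /* TPM_TAG_RSP_COMMAND */
    if (be32(rsp + 2) != len) return -1;               /* paramSize must match what we read */
    if (be32(rsp + 6) != 0) return -1;                 /* returnCode is not TPM_SUCCESS */
    uint32_t got = be32(rsp + 10);                     /* may be fewer bytes than requested */
    if (got == 0 || got > len - TPM_HDR_LEN) return -1;/* never trust the length field alone */
    if (got > want) got = (uint32_t)want;
    memcpy(out, rsp + TPM_HDR_LEN, got);
    return (int)got;
}

/* One read from the TPM device; -1 means skip the TPM and keep the other sources. */
int tpm_read_entropy(const char *dev, uint8_t *out, size_t want) {
    uint8_t cmd[TPM_HDR_LEN], rsp[TPM_HDR_LEN + 256];
    if (want > 256) want = 256;
    int fd = open(dev, O_RDWR);
    if (fd < 0) return -1;                             /* no device node or no permission */
    tpm_build_getrandom(cmd, (uint32_t)want);
    ssize_t r = -1;
    if (write(fd, cmd, sizeof cmd) == (ssize_t)sizeof cmd)
        r = read(fd, rsp, sizeof rsp);
    close(fd);
    return r < 0 ? -1 : tpm_parse_getrandom(rsp, (size_t)r, out, want);
}
```

A caller would treat a return of -1 from `tpm_read_entropy("/dev/tpm0", buf, n)` as "TPM unavailable" and continue with its remaining entropy sources. Whether that probe happens by default or only on request is the policy question debated above.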