On Tue, 2021-03-23 at 17:35 +0100, Ahmad Fatoum wrote: > Hello Horia, > > On 21.03.21 21:48, Horia Geantă wrote: > > On 3/16/2021 7:02 PM, Ahmad Fatoum wrote: > > [...] > >> +struct trusted_key_ops caam_trusted_key_ops = { > >> + .migratable = 0, /* non-migratable */ > >> + .init = trusted_caam_init, > >> + .seal = trusted_caam_seal, > >> + .unseal = trusted_caam_unseal, > >> + .exit = trusted_caam_exit, > >> +}; > > caam has random number generation capabilities, so it's worth using that > > by implementing .get_random. > > If the CAAM HWRNG is already seeding the kernel RNG, why not use the kernel's? > > Makes for less code duplication IMO.
Using kernel RNG, in general, for trusted keys has been discussed before. Please refer to Dave Safford's detailed explanation for not using it [1]. thanks, Mimi [1] https://lore.kernel.org/linux-integrity/bca04d5d9a3b764c9b7405bba4d4a3c035f2a...@alpmbapa12.e2k.ad.ge.com/