Re: [PATCH 1/1] tpm: disable hwrng for fTPM on some AMD designs

[Limonciello, Mario]

On 7/28/2023 3:41 PM, Linus Torvalds wrote:
> On Thu, 27 Jul 2023 at 10:05, Daniil Stas <daniil.stas@xxxxxxxxxx> wrote:
> > Here is the bug report I created:
> > https://bugzilla.kernel.org/show_bug.cgi?id=217719
>
> Let's just disable the stupid fTPM hwrnd thing.
>
> Maybe use it for the boot-time "gather entropy from different
> sources", but clearly it should *not* be used at runtime.
>
> Why would anybody use that crud when any machine that has it
> supposedly fixed (which apparently didn't turn out to be true after
> all) would also have the CPU rdrand instruction that doesn't have the
> problem?

It /seems/ to be a separate problem, but yes I agree with your point.

> If you don't trust the CPU rdrand implementation (and that has had
> bugs too - see clear_rdrand_cpuid_bit() and x86_init_rdrand()), why
> would you trust the fTPM version that has caused even *more* problems?

That's exactly why I was asking in the kernel bugzilla if something 
similar gets tripped up by RDRAND.

I've got a patch that tears it out entirely for AMD fTPMs in the 
bugzilla, but I would prefer to discuss this with BIOS people before 
going that direction.

> So I don't see any downside to just saying "that fTPM thing is not
> working". Even if it ends up working in the future, there are
> alternatives that aren't any worse.
>
>                   Linus