random: TPM_HARVEST should have been named RANDOM_ENABLE_TPM
ClosedPublic
Actions

(1) Where is documented that we're trying really hard not to add anything to DEFAULTS?
(2) I may not be following the question. Why is it justified to enable gathering entropy from the TPM2.0 by default? Right now it is one of the best forms of entropy, per NIST FIPS-140 EAR certificates, and is cross-platform - unlike RDSEED or the 2 arm64 chip RNG's that aren't standard across all of the arm64 platform. Where else should enabling this be? That someone might know they have a bump TPM2.0 implementation and wish to disable this entropy, it is reasonable to be able to disable this in a kernel config file. So is there another way other than in DEFAULTS? Are you simply wanting it in GENERIC?

I'd prefer them in GENERIC. All of our kernel config knowledge is tribal. I'm sorry. DEFAULTS are for things that every kernel must have. Tpm is optional, so belongs in GENERIC. Cool stuff, but a large percentage of systems lack it. I'd also add it to MINIMAL since I didn't notice a way to discover it with PNP data.

I wish things were better documented.

In D53460#1224717, @imp wrote:

I'd prefer them in GENERIC. All of our kernel config knowledge is tribal. I'm sorry. DEFAULTS are for things that every kernel must have. Tpm is optional, so belongs in GENERIC. Cool stuff, but a large percentage of systems lack it. I'd also add it to MINIMAL since I didn't notice a way to discover it with PNP data.

I wish things were better documented.

I have no problems with GENERIC over DEFAULTS. You have a point about "must have" vs. highly normal or highly desirable.
sys/amd64/conf/DEFAULTS contents:
<comment character> Default congestion control algorithm
options CC_CUBIC # include CUBIC congestion control
options NETLINK # netlink(4) support
Helped lead me astray that this was a good file to add to.
I'll upload a modified patch.

update per comments

Herald added a subscriber: ziaee. · View Herald TranscriptSun, Nov 9, 9:04 AM

Harbormaster completed remote builds in B68480: Diff 166078.Sun, Nov 9, 9:04 AM

In D53460#1224718, @obrien wrote:

In D53460#1224717, @imp wrote:

I'd prefer them in GENERIC. All of our kernel config knowledge is tribal. I'm sorry. DEFAULTS are for things that every kernel must have. Tpm is optional, so belongs in GENERIC. Cool stuff, but a large percentage of systems lack it. I'd also add it to MINIMAL since I didn't notice a way to discover it with PNP data.

I wish things were better documented.

I have no problems with GENERIC over DEFAULTS. You have a point about "must have" vs. highly normal or highly desirable.
sys/amd64/conf/DEFAULTS contents:
<comment character> Default congestion control algorithm
options CC_CUBIC # include CUBIC congestion control
options NETLINK # netlink(4) support
Helped lead me astray that this was a good file to add to.
I'll upload a modified patch.

Yea, those likely shouldn't be there, but now that they are, it's a little hard to unwind. It's easy to get lead astray in the kernel config system these days. It would be lovely to rewrite.

Anyway, this looks good to go now. Thanks for the updates.

This revision is now accepted and ready to land.Mon, Nov 10, 6:19 AM

Closed by commit rG3deb21f1afd5: random: TPM_HARVEST should have been named RANDOM_ENABLE_TPM (authored by obrien). · Explain WhyTue, Nov 11, 12:31 AM

This revision was automatically updated to reflect the committed changes.

obrien added a commit: rG3deb21f1afd5: random: TPM_HARVEST should have been named RANDOM_ENABLE_TPM.

obrien mentioned this in D53390: random: allow disabling of entropy harvesting from keyboard & mice.Tue, Nov 11, 1:33 AM