TPMs are good for something

TPMs (Trusted Platform Modules) have long been avoided on Linux, given that their primary use cases have historically been around licensing and Digital Rights Management, concepts which are mostly foreign to Free and Open Source software.  However, as new use cases, such as “trusted boot” have emerged, developers have added TPM device drivers to the Linux kernel to enable these uses.  One often-overlooked feature of the TPM is that it has a hardware pseudo-random number generator.

A while back, Jeff Garzik and others were discussing this on the linux-kernel mailing list (summarized on LWN.net), where it was suggested that the TPM could be used to feed the rngd (random number gathering daemon) tool, just as it reads from other hardware random number generators.  The rngd program reads from hardware-based random number generators and feeds entropy into the kernel’s entropy pool.  Easy in concept, but lacking in TPM implementation.

As it happens, quite a few Dell systems include a TPM chip, including the PowerEdge 11G servers such as the R610 and R710.  So, I asked Dell’s crack team of Linux developers to see what they could do.  The result: a patch to rngd which adds the TPM as another source of random numbers for feeding the kernel’s entropy pool.

We’re working with Jeff to get this patch applied to the rng-tools upstream sources, and from there into the various distributions as their schedules permit.

So, should you find yourself running out of entropy on your servers, and not having a keyboard or mouse attached as ways to feed the entropy pool, you can run enable the TPM in BIOS SETUP, run rngd, and never lack for randomness again.

10 comments on this post.
  1. Pete Zaitcev:

    Is TPM “random enough”? It is after all not a white noise generator.

  2. Arjan van de Ven:

    Why would this even be done in userspace? That sounds like a round trip too many to me..

  3. Matt Domsch: TPMs are good for something | TuxWire : The Linux Blog:

    [...] original here:  Matt Domsch: TPMs are good for something Share and [...]

  4. David:

    That’s what we all need… more entropy.

  5. Andrew Pollock:

    I don’t suppose you can do anything about getting Rajiv Andrade’s iTPM patches accepted into the mainline kernel? We use the TPM as a smartcard, and newer laptops with iTPM chips are currently completely unsupported by Linux.

  6. mdomsch:

    It’s up to Rajiv as the TPM maintainer to keep submitting to Andrew or a subsystem tree to get it merged. I submitted a patch yesterday for the tpm_tis driver, to let it be autoloaded on appropriate systems, which Rajiv ack’ed and copied Andrew on his ack. I know Andrew is at the Kernel Summit this week, and my get buried in a backlog thereafter. The other option would be to get it into linux-next somehow, either through another subsystem tree or by getting Stephen to add Rajiv’s tree to the linux-next forest.

  7. codeblog » TPM as RNG:

    [...] some TPM coding I’d done to get random bytes from the pRNG on my TPM-enabled system from Matt Domsch’s recent post. I’m not fully convinced that the pRNG of the TPM is an appropriate source of entropy, but it [...]

  8. mirabilos:

    See my comment on…

    http://www.outflux.net/blog/archives/2009/10/22/tpm-as-rng/comment-page-1/#comment-793

  9. Kees Cook: TPM as RNG | TuxWire : The Linux Blog:

    [...] some TPM coding I’d done to get random bytes from the pRNG on my TPM-enabled system from Matt Domsch’s recent post. I’m not fully convinced that the pRNG of the TPM is an appropriate source of entropy, but it [...]

  10. Duane Voth:

    There is temporal entropy (a clock source – or *when* you boot your machine) and spacial entropy (a location – or *where* you boot your machine) and yes we also need *which* machine was booted. For location GPS coords work in physical space, an IP number works in network space to some degree, and I guess TPM would work in its specific license space helping to address the *which* question. But is a folded UUID string being used too? Is UUID possibly an all around better source than TPM? Of course there is no need to minimize entropy sources but picking ones that provide distinction across all known domains whether or not the user has bought a license is useful. :)