On Thu, Mar 19, 2026 at 10:28:03AM -0400, Mimi Zohar wrote:
> On Wed, 2026-03-18 at 10:36 -0700, Chris Fenner wrote:
> > Apologies if my long message derailed this discussion. I meant to
> > support Mimi's concern here and project a future vision where
> > TCG_TPM2_HMAC doesn't conflict with other features.
> >
> > More concisely, I think that:
> >
> > > tpm2_get_random() is costly when TCG_TPM2_HMAC is enabled
> >
> > is not a compelling argument for removing TPM as an RNG source,
> > because TCG_TPM2_HMAC is known to have poor performance already
> > anyway.
>
> Agreed. Thanks, Chris! FYI, we raised concerns about IMA performance with the
> TPM HMAC and encrypted feature while it was being developed. James had some
> ideas, at the time, as to how to resolve the performance issue for IMA. Yet it
> was upstreamed without those changes and with CONFIG_TCG_TPM2_HMAC enabled by
> default on x86 systems.
>
> Jarkko has queued this patch in the "queue" branch, without indicating whether
> it will eventually be upstreamed or not.

Yes, and there's been multiple months of time to comment on this, and I backed
up the patch set there, which is not the same as applying it.

>
> Mimi

BR, Jarkko

