On Mon, 14 Aug 2023 Björn Persson wrote:
> David Wright wrote:
>> On Mon 14 Aug 2023 at 11:26:13 (+0200), Björn Persson wrote:
>>> Other functions in the same source file create /dev/tpm0, and it
>>> looks like the random number generator should get registered
>>> together with the TPM. It's conditional on CONFIG_HW_RANDOM_TPM.
>>> Where can I check the value of that option?
>>
>> $ grep CONFIG_HW_RANDOM_TPM /boot/config-5.10.0-2*
>> /boot/config-5.10.0-23-amd64:CONFIG_HW_RANDOM_TPM=y
>> /boot/config-5.10.0-24-amd64:CONFIG_HW_RANDOM_TPM=y
>> $
>
> Thanks. And look at that:
>
> # grep CONFIG_HW_RANDOM_TPM /boot/config-*
> /boot/config-5.10.0-23-amd64:CONFIG_HW_RANDOM_TPM=y
> # grep CONFIG_HW_RANDOM_TPM /boot/config-6.1.0-11-amd64 ; echo $?
> 1
>
> So apparently randomness from a TPM is completely disabled in Debian 12
> regardless of manufacturer. Next question: Why?

Debian Bug #1041007
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041007#10

Message #10
From: Vincent Blut [...]
Subject: linux-image-6.1.0-0.deb11.7-amd64: Please enable TPM hardware RNG support (CONFIG_HW_RANDOM_TPM)
Date: Sat, 29 Jul 2023 00:33:35 +0200

[...]

Indeed, this regression compared to the kernel provided in bullseye is due to
a configuration issue. For HW_RANDOM_TPM to be enabled, the TCG_TPM and
HW_RANDOM config symbols are required but there is a subtlety in the way they
have to be built. If TCG_TPM is built-in then HW_RANDOM must not be loadable
(built as a module).

If we take a look at the kernel configuration files prior to being constructed,
we can see that both TCG_TPM and HW_RANDOM config symbols should be built as
modules:

$ grep -Er "TCG_TPM|HW_RANDOM="
arm64/config:CONFIG_TCG_TPM=m
kernelarch-x86/config:CONFIG_TCG_TPM=m
config:CONFIG_HW_RANDOM=m
config.cloud:CONFIG_TCG_TPM=m

However after these files have been constructed, the TCG_TPM config symbol is
no longer provided as module but built-in:

$ grep TCG_TPM /boot/config-6.3.0-1-amd64
CONFIG_TCG_TPM=y

This change is what causes HW_RANDOM_TPM to be disabled and is probably due to
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=644f17412f5acf01a19af9d04a92193

[...]

--
Hackers are free people. They are like artists. If they are in a good
mood, they get up in the morning and begin painting their pictures.
	-- Vladimir Putin
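
The dependency rule quoted from the bug report can be checked against each installed kernel config. The script below is an added example, not part of the original messages or of the Debian kernel packaging; the function names `kconfig_value` and `tpm_rng_status` are made up for illustration, and the sample config it falls back to is constructed from the values reported in the thread.

```shell
#!/bin/sh
# Added example: report why CONFIG_HW_RANDOM_TPM is or is not set in a
# kernel config file, using the rule quoted from Debian bug #1041007.

# Print y, m or n for a config symbol ($2, without the CONFIG_ prefix)
# in config file $1. "# CONFIG_X is not set" and absent symbols give n.
kconfig_value() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Print a one-line diagnosis for config file $1.
tpm_rng_status() {
    tpm=$(kconfig_value "$1" TCG_TPM)
    hwrng=$(kconfig_value "$1" HW_RANDOM)
    rng_tpm=$(kconfig_value "$1" HW_RANDOM_TPM)
    if [ "$rng_tpm" = y ]; then
        echo "enabled"
    elif [ "$tpm" = n ] || [ "$hwrng" = n ]; then
        echo "disabled: missing dependency (TCG_TPM=$tpm HW_RANDOM=$hwrng)"
    elif [ "$tpm" = y ] && [ "$hwrng" = m ]; then
        echo "disabled: TCG_TPM built-in but HW_RANDOM is a module"
    else
        echo "disabled: dependencies satisfied, option not selected"
    fi
}

sample=
if [ "$#" -eq 0 ]; then
    # Constructed sample: TCG_TPM=y as in the built config shown in the
    # thread, HW_RANDOM=m as in the source config shown in the thread.
    sample=$(mktemp)
    printf '%s\n' 'CONFIG_TCG_TPM=y' 'CONFIG_HW_RANDOM=m' \
        '# CONFIG_HW_RANDOM_TPM is not set' > "$sample"
    set -- "$sample"
fi

for f in "$@"; do
    printf '%s: %s\n' "$f" "$(tpm_rng_status "$f")"
done

if [ -n "$sample" ]; then
    rm -f "$sample"
fi
```

Run it as `sh script.sh /boot/config-*` to get one line per installed kernel; without arguments it evaluates only the constructed sample.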