tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random

Pull random driver fix from Ted Ts'o:
"Fix things so the choice of whether or not to trust RDRAND to
initialize the CRNG is configurable via the boot option
random.trust_cpu={on,off}"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
random: make CPU trust a boot parameter

Linus Torvalds 3243a89d 1d225777

+16 -5
+6
Documentation/admin-guide/kernel-parameters.txt
··· 3523 3523 ramdisk_size= [RAM] Sizes of RAM disks in kilobytes 3524 3524 See Documentation/blockdev/ramdisk.txt. 3525 3525 3526 + random.trust_cpu={on,off} 3527 + [KNL] Enable or disable trusting the use of the 3528 + CPU's random number generator (if available) to 3529 + fully seed the kernel's CRNG. Default is controlled 3530 + by CONFIG_RANDOM_TRUST_CPU. 3531 + 3526 3532 ras=option[,option,...] [KNL] RAS-specific options 3527 3533 3528 3534 cec_disable [X86]
+2 -2
drivers/char/Kconfig
··· 566 566 that CPU manufacturer (perhaps with the insistence or mandate 567 567 of a Nation State's intelligence or law enforcement agencies) 568 568 has not installed a hidden back door to compromise the CPU's 569 - random number generation facilities. 570 - 569 + random number generation facilities. This can also be configured 570 + at boot with "random.trust_cpu=on/off".
+8 -3
drivers/char/random.c
··· 779 779 780 780 static void invalidate_batched_entropy(void); 781 781 782 + static bool trust_cpu __ro_after_init = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU); 783 + static int __init parse_trust_cpu(char *arg) 784 + { 785 + return kstrtobool(arg, &trust_cpu); 786 + } 787 + early_param("random.trust_cpu", parse_trust_cpu); 788 + 782 789 static void crng_initialize(struct crng_state *crng) 783 790 { 784 791 int i; ··· 806 799 } 807 800 crng->state[i] ^= rv; 808 801 } 809 - #ifdef CONFIG_RANDOM_TRUST_CPU 810 - if (arch_init) { 802 + if (trust_cpu && arch_init) { 811 803 crng_init = 2; 812 804 pr_notice("random: crng done (trusting CPU's manufacturer)\n"); 813 805 } 814 - #endif 815 806 crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; 816 807 } 817 808