[PATCH master] lib: select HAS_INSECURE_DEFAULTS from ALLOW_PRNG_FALLBACK
Ahmad Fatoum
a.fatoum at pengutronix.de
Wed Apr 16 23:23:49 PDT 2025
PRNG fallback inside get_crypto_bytes is only useful for debugging
and a really bad idea in production. We already warn about this at
runtime, but let's make sure it's directly evident in the config as
well.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
lib/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/lib/Kconfig b/lib/Kconfig
index 8e1d8086fbb6..0cb3a136b38e 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -139,6 +139,7 @@ config RATP
config ALLOW_PRNG_FALLBACK
bool "Allow fallback to PRNG if HWRNG not available."
+ select HAS_INSECURE_DEFAULTS
help
WARNING: it is not secure!!
--
2.39.5
More information about the barebox
mailing list