[openwrt/openwrt] kernel: Initialize RNG using CPU RNG and bootloader

LEDE Commits lede-commits at lists.infradead.org
Sat Apr 29 03:36:47 PDT 2023


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/2bab7d273e02bb463c121233d5d7e74157844305

commit 2bab7d273e02bb463c121233d5d7e74157844305
Author: Hauke Mehrtens <hauke at hauke-m.de>
AuthorDate: Sat Apr 22 15:28:01 2023 +0200

    kernel: Initialize RNG using CPU RNG and bootloader
    
    This activates the following kernel options by default:
    * CONFIG_RANDOM_TRUST_CPU
    * CONFIG_RANDOM_TRUST_BOOTLOADER
    
    With these options Linux will also use data from the CPU RNG e.g. RDRAND
    and the bootloader to initialize the Linux RNG if such sources are
    available.
    These random bits are used in addition to the other sources, no other
    sources are getting deactivated. I read that the Chacha mixer isn't
    vulnerable to injected entropy, so this should not be a problem even if
    these sources might inject bad random data.
    
    The Linux kernel suggests activating both options, Debian also
    activates them. This does not increase kernel code size.
    
    Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 target/linux/generic/config-5.10 | 4 ++--
 target/linux/generic/config-5.15 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10
index cde0fdb0a0..3358329848 100644
--- a/target/linux/generic/config-5.10
+++ b/target/linux/generic/config-5.10
@@ -4704,8 +4704,8 @@ CONFIG_PWRSEQ_SIMPLE=y
 # CONFIG_RALINK is not set
 # CONFIG_RANDOM32_SELFTEST is not set
 # CONFIG_RANDOMIZE_BASE is not set
-# CONFIG_RANDOM_TRUST_BOOTLOADER is not set
-# CONFIG_RANDOM_TRUST_CPU is not set
+CONFIG_RANDOM_TRUST_BOOTLOADER=y
+CONFIG_RANDOM_TRUST_CPU=y
 # CONFIG_RAPIDIO is not set
 # CONFIG_RAS is not set
 # CONFIG_RAW_DRIVER is not set
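Review bot: the two added lines, CONFIG_RANDOM_TRUST_BOOTLOADER=y and CONFIG_RANDOM_TRUST_CPU=y, change more than the commit message accounts for. The message argues that extra input is mixed in alongside the other sources, but the TRUST options also let the kernel credit that input as entropy, so the RNG can be considered initialized on the strength of the CPU RNG or the bootloader seed alone. The argument about the mixer tolerating injected data covers the mixing, not the crediting. Please state the crediting behaviour in the commit message and mention the runtime opt-out (random.trust_cpu=off on the kernel command line) for users who do not want to rely on the CPU RNG.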
diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15
index 239a645231..004688c470 100644
--- a/target/linux/generic/config-5.15
+++ b/target/linux/generic/config-5.15
@@ -4946,8 +4946,8 @@ CONFIG_PWRSEQ_SIMPLE=y
 # CONFIG_RANDOM32_SELFTEST is not set
 # CONFIG_RANDOMIZE_BASE is not set
 # CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set
-# CONFIG_RANDOM_TRUST_BOOTLOADER is not set
-# CONFIG_RANDOM_TRUST_CPU is not set
+CONFIG_RANDOM_TRUST_BOOTLOADER=y
+CONFIG_RANDOM_TRUST_CPU=y
 # CONFIG_RAPIDIO is not set
 # CONFIG_RAS is not set
 # CONFIG_RAW_DRIVER is not set
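Review bot: the same two lines land in target/linux/generic/config-5.15, so together with the 5.10 hunk the default flips for every target that inherits the generic config, while the message only says the sources are used "if such sources are available" and does not say which targets have a CPU RNG or a bootloader-provided seed. Consider noting that a target whose bootloader seed is known to be constant or weak can keep the old behaviour by carrying "# CONFIG_RANDOM_TRUST_BOOTLOADER is not set" in its own target config, so that maintainers of such boards know where to override the new default.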
