diff options
Diffstat (limited to 'drivers/char')
-rw-r--r-- | drivers/char/Kconfig | 36 | ||||
-rw-r--r-- | drivers/char/random.c | 10 |
2 files changed, 5 insertions, 41 deletions
diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig index 0f378d29dab0..30fe9848dac1 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -423,40 +423,4 @@ config ADI and SSM (Silicon Secured Memory). Intended consumers of this driver include crash and makedumpfile. -config RANDOM_TRUST_CPU - bool "Initialize RNG using CPU RNG instructions" - default y - help - Initialize the RNG using random numbers supplied by the CPU's - RNG instructions (e.g. RDRAND), if supported and available. These - random numbers are never used directly, but are rather hashed into - the main input pool, and this happens regardless of whether or not - this option is enabled. Instead, this option controls whether the - they are credited and hence can initialize the RNG. Additionally, - other sources of randomness are always used, regardless of this - setting. Enabling this implies trusting that the CPU can supply high - quality and non-backdoored random numbers. - - Say Y here unless you have reason to mistrust your CPU or believe - its RNG facilities may be faulty. This may also be configured at - boot time with "random.trust_cpu=on/off". - -config RANDOM_TRUST_BOOTLOADER - bool "Initialize RNG using bootloader-supplied seed" - default y - help - Initialize the RNG using a seed supplied by the bootloader or boot - environment (e.g. EFI or a bootloader-generated device tree). This - seed is not used directly, but is rather hashed into the main input - pool, and this happens regardless of whether or not this option is - enabled. Instead, this option controls whether the seed is credited - and hence can initialize the RNG. Additionally, other sources of - randomness are always used, regardless of this setting. Enabling - this implies trusting that the bootloader can supply high quality and - non-backdoored seeds. - - Say Y here unless you have reason to mistrust your bootloader or - believe its RNG facilities may be faulty. This may also be configured - at boot time with "random.trust_bootloader=on/off". - endmenu diff --git a/drivers/char/random.c b/drivers/char/random.c index f5868dddbb61..1c6fb89fc005 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -748,7 +748,7 @@ static void __cold _credit_init_bits(size_t bits) * * add_bootloader_randomness() is called by bootloader drivers, such as EFI * and device tree, and credits its input depending on whether or not the - * configuration option CONFIG_RANDOM_TRUST_BOOTLOADER is set. + * command line option 'random.trust_bootloader'. * * add_vmfork_randomness() adds a unique (but not necessarily secret) ID * representing the current instance of a VM to the pool, without crediting, @@ -774,8 +774,8 @@ static void __cold _credit_init_bits(size_t bits) * **********************************************************************/ -static bool trust_cpu __initdata = IS_ENABLED(CONFIG_RANDOM_TRUST_CPU); -static bool trust_bootloader __initdata = IS_ENABLED(CONFIG_RANDOM_TRUST_BOOTLOADER); +static bool trust_cpu __initdata = true; +static bool trust_bootloader __initdata = true; static int __init parse_trust_cpu(char *arg) { return kstrtobool(arg, &trust_cpu); @@ -926,8 +926,8 @@ void add_hwgenerator_randomness(const void *buf, size_t len, size_t entropy) EXPORT_SYMBOL_GPL(add_hwgenerator_randomness); /* - * Handle random seed passed by bootloader, and credit it if - * CONFIG_RANDOM_TRUST_BOOTLOADER is set. + * Handle random seed passed by bootloader, and credit it depending + * on the command line option 'random.trust_bootloader'. */ void __init add_bootloader_randomness(const void *buf, size_t len) { |