Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#63692 - [linux][linux-lts][linux-zen][linux-hardened] enable CONFIG_RANDOM_TRUST_CPU

Attached to Project: Arch Linux
Opened by Eduard Toloza (edu4rdshl) - Sunday, 08 September 2019, 22:28 GMT
Last edited by Eli Schwartz (eschwartz) - Sunday, 08 September 2019, 22:59 GMT
Task Type Feature Request
Category Kernel
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description: Enabling it option introduced in https://github.com/torvalds/linux/commit/39a8883a2b989d1d21bd8dd99f5557f0c5e89694 will allow all recent Intel and AMD CPUs to provide the CPU opcode RDRAND to acquire random bytes. Linux includes random bytes generated this way in its entropy pool, but didn’t use to credit entropy for it (i.e. data from this source wasn’t considered good enough to consider the entropy pool properly filled even though it was used). This has changed recently however, and most big distributions have turned on the CONFIG_RANDOM_TRUST_CPU=y kernel compile time option. This means systems with CPUs supporting this opcode will be able to very quickly reach the “pool filled” state. Source: https://systemd.io/RANDOM_SEEDS

Additional info:
* package version(s): 5.2.13.arch1-1
* config and/or log files etc.
* link to upstream bug report, if any
This task depends upon

Closed by  Eli Schwartz (eschwartz)
Sunday, 08 September 2019, 22:59 GMT
Reason for closing:  Won't implement
Additional comments about closing:  We will not implement this feature, on the grounds that:
- we have rejected it in the past
- you can enable it with a boot parameter
- a biased press release from a thirdparty source is hardly justification to relax security policies by making people have to opt out of what many consider an anti-feature.
Comment by Michel Koss (MichelKoss1) - Sunday, 08 September 2019, 22:36 GMT Comment by Eli Schwartz (eschwartz) - Sunday, 08 September 2019, 22:56 GMT
  • Field changed: Task Type (Bug Report → Feature Request)
  • Field changed: Summary ([linux] enable CONFIG_RANDOM_TRUST_CPU in the build config file → [linux][linux-lts][linux-zen][linux-hardened] enable CONFIG_RANDOM_TRUST_CPU)
  • Field changed: Category (Packages: Core → Kernel)
There is utterly no reason to open the same bug four times. Even if it wasn't already discussed and rejected elsewhere, what on earth were you thinking?

Loading...