FS#63694 - [linux-hardened] enable CONFIG_RANDOM_TRUST_CPU in the build config file
Attached to Project:
Arch Linux
Opened by Eduard Toloza (edu4rdshl) - Sunday, 08 September 2019, 22:31 GMT
Last edited by Eli Schwartz (eschwartz) - Sunday, 08 September 2019, 22:54 GMT
Details
Description: Enabling this option introduced in
https://github.com/torvalds/linux/commit/39a8883a2b989d1d21bd8dd99f5557f0c5e89694
will allow all recent Intel and AMD CPUs to provide the CPU
opcode RDRAND to acquire random bytes. Linux includes random
bytes generated this way in its entropy pool, but didn’t use
to credit entropy for it (i.e. data from this source wasn’t
considered good enough to consider the entropy pool properly
filled even though it was used). This has changed recently
however, and most big distributions have turned on the
CONFIG_RANDOM_TRUST_CPU=y kernel compile time option. This
means systems with CPUs supporting this opcode will be able
to very quickly reach the “pool filled” state. Source:
https://systemd.io/RANDOM_SEEDS
Additional info:
* package version(s): 5.2.11.a-1
* config and/or log files etc.
* link to upstream bug report, if any
Closed by Eli Schwartz (eschwartz)
Sunday, 08 September 2019, 22:54 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#63692
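Added example (not part of the original report or of the Arch Linux packaging): a shell check for whether a kernel that has this build option will credit RDRAND output as entropy. It assumes the kernel config, /proc/cpuinfo and kernel command line are passed in as text, and it honours the random.trust_cpu= boot parameter, which overrides the compiled-in default; the function name and sample values are constructed for illustration.

```shell
#!/bin/sh
# trust_cpu_state CONFIG_TEXT CPUINFO_TEXT CMDLINE_TEXT
# Prints one of: no-rdrand | trusted | not-trusted
trust_cpu_state() {
    config=$1 cpuinfo=$2 cmdline=$3

    # The CPU has to advertise the rdrand flag at all.
    if ! printf '%s\n' "$cpuinfo" | grep -E '^flags[[:space:]]*:' |
            grep -qw 'rdrand'; then
        echo no-rdrand
        return
    fi

    # random.trust_cpu=<bool> on the command line overrides the build-time
    # default. If it is given more than once, the last occurrence wins.
    val=$(printf '%s\n' "$cmdline" | tr -s ' \t' '\n' |
          sed -n 's/^random\.trust_cpu=//p' | tail -n 1)
    case $val in
        on|1|y|Y)  echo trusted;     return ;;
        off|0|n|N) echo not-trusted; return ;;
    esac

    # No (valid) override: fall back to the compiled-in default.
    if printf '%s\n' "$config" | grep -qx 'CONFIG_RANDOM_TRUST_CPU=y'; then
        echo trusted
    else
        echo not-trusted
    fi
}

# Constructed sample inputs (not taken from a real machine).
SAMPLE_CPUINFO='flags : fpu sse2 aes rdrand rdseed'
SAMPLE_CONFIG='# CONFIG_RANDOM_TRUST_CPU is not set'
SAMPLE_CMDLINE='root=/dev/sda2 rw quiet'

trust_cpu_state "$SAMPLE_CONFIG" "$SAMPLE_CPUINFO" "$SAMPLE_CMDLINE"

# On a live system, if the kernel exposes its config at /proc/config.gz:
#   trust_cpu_state "$(zcat /proc/config.gz)" "$(cat /proc/cpuinfo)" \
#                   "$(cat /proc/cmdline)"
```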