From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bircoph@altlinux.org>
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 sa.local.altlinux.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
 autolearn=unavailable autolearn_force=no version=3.4.1
Date: Mon, 9 May 2022 19:05:01 +0300
From: Andrey Savchenko <bircoph@altlinux.org>
To: ALT Linux kernel packages development <devel-kernel@lists.altlinux.org>
Message-Id: <20220509190501.abdb47751fef8f7fdc58e6db@altlinux.org>
In-Reply-To: <20220509142300.778629-1-vt@altlinux.org>
References: <20220509142300.778629-1-vt@altlinux.org>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-alt-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="PGP-SHA512";
 boundary="Signature=_Mon__9_May_2022_19_05_01_+0300_r+Z=Y7__u6CL8wK_"
Subject: Re: [d-kernel] [PATCH un-def/sisyphus] config: Enable seeding CRNG
 from CPU and bootleader
X-BeenThere: devel-kernel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux kernel packages development
 <devel-kernel@lists.altlinux.org>
List-Id: ALT Linux kernel packages development
 <devel-kernel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel-kernel>
List-Post: <mailto:devel-kernel@lists.altlinux.org>
List-Help: <mailto:devel-kernel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Mon, 09 May 2022 16:05:38 -0000
Archived-At: <http://lore.altlinux.org/devel-kernel/20220509190501.abdb47751fef8f7fdc58e6db@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel-kernel/>
List-Post: <mailto:devel-kernel@altlinux.org>

--Signature=_Mon__9_May_2022_19_05_01_+0300_r+Z=Y7__u6CL8wK_
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon,  9 May 2022 17:23:00 +0300 Vitaly Chikunov wrote:
> This can be disabled at boot time with:
>   random.trust_cpu=3Doff
>   random.trust_bootloader=3Doff
>=20
> Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
> ---
>  config | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>=20
> diff --git a/config b/config
> index e529911fd5dc..5b817e945274 100644
> --- a/config
> +++ b/config
> @@ -4479,8 +4479,8 @@ CONFIG_XILLYBUS_CLASS=3Dm
>  CONFIG_XILLYBUS=3Dm
>  CONFIG_XILLYBUS_PCIE=3Dm
>  # CONFIG_XILLYUSB is not set
> -# CONFIG_RANDOM_TRUST_CPU is not set
> -# CONFIG_RANDOM_TRUST_BOOTLOADER is not set
> +CONFIG_RANDOM_TRUST_CPU=3Dy
> +CONFIG_RANDOM_TRUST_BOOTLOADER=3Dy

These sources are not trusted in most cases, so please avoid
enabling them by default for everyone.

Best regards,
Andrew Savchenko

--Signature=_Mon__9_May_2022_19_05_01_+0300_r+Z=Y7__u6CL8wK_
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE63ZIHsdeM+1XgNer9lNaM7oe5I0FAmJ5O64ACgkQ9lNaM7oe
5I1zIRAAit/xzZesHlthBfqhSl6tZH4USUKgZwEppCqdwifRaAJbZoSpea9cz2TP
alwGp84pdecCIT/9xc9jp9K7H2rOGsN3viaBVVpkNOaax7B1BDQILgltL/zj+20C
35Al5+z6WCWWhOvwvOw22wco2hhMKK+YL2Qv30R+5CrsjtDbOBaI0JPMB6vupt3k
eF8ujKEWxolbKLBU1lvdJFJKUQTtDuwEs4xJtAWyhVyQR8wsRqirY/B9bzwdoF8Z
kFeI9bjGOjbSTijgQiccWXoHFELQfnD+aCw1J+E63L3UOyiqTH2tpIyuSD6SB/PG
1X800o06X55Rfrgcs9r0VTRrHTk/DDqTZ491zZhHYEpoAq2HmQSr56LSbWsZneNJ
2qLLl4JawLd7hPC0YDHZoeq03H+AnAwLOYEry1lNVfAez5b6R5juZmpZiIP93Uzf
Wq3lddNlivqPVvlnKn+PRe6aP6TKWCKhrmF53hC55MCEdV83Mrl92pDG129sKYv6
jFH3iHfzNgZtqmEsv6fEkya9ozXCgzIDgeMmJfs+mM9lcdg5w09FVcmSTlobNHlm
iXlJDPuwr2dqoEBzxoWv7kzxUuiX8QRvZyWTER2P1vCDVDu7H6k17s5oejDR/2sE
OMyADMslggsJbblZzBYa9LDxLXaP0inpTIenvfZte17R7cfSTdE=
=aRvc
-----END PGP SIGNATURE-----

--Signature=_Mon__9_May_2022_19_05_01_+0300_r+Z=Y7__u6CL8wK_--