From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Wed, 11 May 2022 00:43:37 +0300 From: "Vladimir D. Seleznev" To: ALT Linux kernel packages development Message-ID: References: <20220509142300.778629-1-vt@altlinux.org> <20220509190501.abdb47751fef8f7fdc58e6db@altlinux.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220509190501.abdb47751fef8f7fdc58e6db@altlinux.org> Subject: Re: [d-kernel] [PATCH un-def/sisyphus] config: Enable seeding CRNG from CPU and bootleader X-BeenThere: devel-kernel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux kernel packages development List-Id: ALT Linux kernel packages development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2022 21:43:38 -0000 Archived-At: List-Archive: List-Post: On Mon, May 09, 2022 at 07:05:01PM +0300, Andrey Savchenko wrote: > On Mon, 9 May 2022 17:23:00 +0300 Vitaly Chikunov wrote: > > This can be disabled at boot time with: > > random.trust_cpu=off > > random.trust_bootloader=off > > > > Signed-off-by: Vitaly Chikunov > > --- > > config | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/config b/config > > index e529911fd5dc..5b817e945274 100644 > > --- a/config > > +++ b/config > > @@ -4479,8 +4479,8 @@ CONFIG_XILLYBUS_CLASS=m > > CONFIG_XILLYBUS=m > > CONFIG_XILLYBUS_PCIE=m > > # CONFIG_XILLYUSB is not set > > -# CONFIG_RANDOM_TRUST_CPU is not set > > -# CONFIG_RANDOM_TRUST_BOOTLOADER is not set > > +CONFIG_RANDOM_TRUST_CPU=y > > +CONFIG_RANDOM_TRUST_BOOTLOADER=y > > These sources are not trusted in most cases, so please avoid > enabling them by default for everyone. It's a very horrible world where you cannot trust to your CPU. -- WBR, Vladimir D. Seleznev