On Tue, Jul 17, 2018 at 9:43 PM, Theodore Ts'o <tytso@xxxxxxx> wrote: > This gives the user building their own kernel (or a Linux > distribution) the option of deciding whether or not to trust the CPU's > hardware random number generator (e.g., RDRAND for x86 CPU's) as being > correctly implemented and not having a back door introduced (perhaps > courtesy of a Nation State's law enforcement or intelligence > agencies). +1. Allowing the user to set local policy is a good idea. Thanks for that.