On Wed, Jul 18, 2018 at 09:22:13AM +0200, Yann Droneaud wrote:
>
> The text message should explain this is only relevant during
> initialization / early boot.
>
> The config option name should state this.

There are other workarounds for hangs that happen after initialization
/ early boot, yes. They are of varying levels of quality / safety,
but that's neither here nor there.

However, enabling the config option means that the CRNG will be
initialized with potentially information available to the CPU
manufacturer and/or Nation States, and this persists *after*
initialization / early boot. So to say, "we're perfectly safe after
we leave initialization / early boot" is not true.

So I'd much rather make it clear that we are trusting the CPU
manufacturer far more than just during early boot.

Cheers,

					- Ted