On 18 July 2018 at 02:51, Theodore Y. Ts'o <tytso@xxxxxxx> wrote: > On Tue, Jul 17, 2018 at 09:43:44PM -0400, Theodore Ts'o wrote: >> This gives the user building their own kernel (or a Linux >> distribution) the option of deciding whether or not to trust the CPU's >> hardware random number generator (e.g., RDRAND for x86 CPU's) as being >> correctly implemented and not having a back door introduced (perhaps >> courtesy of a Nation State's law enforcement or intelligence >> agencies). >> >> This will prevent getrandom(2) from blocking, if there is a >> willingness to trust the CPU manufacturer. >> >> Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> (Apologies if this is a duplicate reply, I misread the tiny text in gmail asking me if it was ok to send non plain text (dunno what caused that), so I guess the first version went to /dev/null, at least as far as the list is concerned.) On my haswell, since 4.16.4 and the corresponding 4.17-rc. my (sysv) bootscript to start unbound hangs for a couple of minutes unless I use the keyboard. Same on my kaveri. Those both lack spinning rust, but on two other SSD-only machines (ryzen, phenom) the security fix did not slow down the boot. So, since I've got better things to do than _worry_ about than whether my government, or yours, is spying on me, I would prefer to have the option to take the risk on the machines that will then boot faster. ĸen