On Tue, Mar 22, 2022 at 10:11:23PM -0600, Jason A. Donenfeld wrote:
> If CONFIG_RANDOM_TRUST_CPU is set, the RNG initializes using RDRAND.
> But, the user can disable (or enable) this behavior by setting
> `random.trust_cpu=0/1` on the kernel command line. This allows system
> builders to do reasonable things while avoiding howls from tinfoil
> hatters. (Or vice versa.)
>
> CONFIG_RANDOM_TRUST_BOOTLOADER is basically the same thing, but regards
> the seed passed via EFI or device tree, which might come from RDRAND or
> a TPM or somewhere else. In order to allow distros to more easily enable
> this while avoiding those same howls (or vice versa), this commit adds
> the corresponding `random.trust_bootloader=0/1` toggle.
>
> Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>
> Cc: Theodore Ts'o <tytso@xxxxxxx>
> Cc: Graham Christensen <graham@xxxxxxxxxxx>
> Link: https://github.com/NixOS/nixpkgs/pull/165355
> Signed-off-by: Jason A. Donenfeld <Jason@xxxxxxxxx>

Reviewed-by: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>

Thanks,
Dominik
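
An added example, not part of the original message or of the kernel patch: a shell helper that resolves the effective value of `random.trust_cpu` or `random.trust_bootloader` from the Kconfig default and the kernel command line, as the quoted commit message describes. The function names, the sample inputs, the last-occurrence-wins rule and the restriction to the literal `0`/`1` forms are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit whether the kernel RNG is configured to trust
# CPU-provided or bootloader-provided seed material.

# effective_trust PARAM CONFIG_SYMBOL CMDLINE CONFIG_TEXT
# Prints 1 if the seed source is trusted, 0 otherwise.
effective_trust() {
    param=$1
    symbol=$2
    cmdline=$3
    config=$4

    # Compile-time default: a line "CONFIG_FOO=y" in the kernel config.
    # "# CONFIG_FOO is not set" or a missing line means the default is off.
    if printf '%s\n' "$config" | grep -qx "${symbol}=y"; then
        value=1
    else
        value=0
    fi

    # Command-line override. Assumptions of this example: the last
    # occurrence wins, and only the literal 0/1 forms are recognised.
    for word in $cmdline; do
        case $word in
            "${param}=0") value=0 ;;
            "${param}=1") value=1 ;;
        esac
    done
    printf '%s\n' "$value"
}

# report CMDLINE CONFIG_TEXT: one summary line covering both toggles.
report() {
    printf 'random.trust_cpu=%s random.trust_bootloader=%s\n' \
        "$(effective_trust random.trust_cpu CONFIG_RANDOM_TRUST_CPU "$1" "$2")" \
        "$(effective_trust random.trust_bootloader CONFIG_RANDOM_TRUST_BOOTLOADER "$1" "$2")"
}

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONFIG='CONFIG_RANDOM_TRUST_CPU=y
# CONFIG_RANDOM_TRUST_BOOTLOADER is not set'
SAMPLE_CMDLINE='root=/dev/sda1 ro random.trust_cpu=0 random.trust_bootloader=1 quiet'

report "$SAMPLE_CMDLINE" "$SAMPLE_CONFIG"
```

On a running system the inputs would be the contents of `/proc/cmdline` and the kernel's build configuration, wherever the distribution ships it.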