[ Unsure which ML to CC - see [1] - so I used what was CCed in [3]] Hi, I am not a security expert but following the exciting changes to random/crng changes in upcoming v5.18 and using it on top of Linux v5.17. Just saw this typo in [0]: diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index c658e5d2d52c9..b9d764a492078 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -4400,6 +4400,12 @@ fully seed the kernel's CRNG. Default is controlled by CONFIG_RANDOM_TRUST_CPU. + random.trust_bootloader={on,off} + [KNL] Enable or disable trusting the use of the + a seed passed by the bootloader (if available) to What do you want to say: "the" or "a" seed :-)? + fully seed the kernel's CRNG. Default is controlled + by CONFIG_RANDOM_TRUST_BOOTLOADER. + randomize_kstack_offset= [KNL] Enable or disable kernel stack offset randomization, which provides roughly 5 bits of Thanks for your work! Regards, - Sedat - [0] https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/commit/?id=3032aedb16c77747f6a97d216887daec2b44f273 [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/MAINTAINERS#n16315 [2] https://www.zx2c4.com/projects/linux-rng-5.17-5.18/ [3] https://marc.info/?t=164797651800005&r=1&w=2