Thanks for all the replies, let me add some background around the motivation for this change. On some systems we have seen large delays in boot time, due to blocking on a call to getrandom() before the entropy pool has been initialized. On these systems the usual sources of entropy are not sufficient to initialize the pool in any kind of reasonable time - delays of minutes have been observed; the most common workaround is to mash the keyboard for a bit ;) Setting a non-zero quality score causes the hwrng to be used as a source of entropy for the pool, the pool is therefore initialized early during boot, and no delay is observed. I don't believe that the quality score is used anywhere else, so I don't think setting it should impact anything other than how the entropy pool is populated. It's my understanding that to be useful in the above situation, the parameter needs to be set on the kernel command line, so I'm not sure if a sysfs file would work. On Fri, Jun 22, 2018 at 12:21 AM, Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx> wrote: > On Mon, Jun 18, 2018 at 01:33:06PM -0600, Jason Gunthorpe wrote: >> > > +module_param(override_rng_quality, short, 0644); >> > >> > Should this be 600 i.e. not to leak this information? >> >> There is a real push these days against adding module parameters, and >> apparently, IMA can't function with TPM as a module. >> >> Are you sure this shouldn't be done in some other way? > > Maybe a sysfs file would be a better choice for this? > > /Jarkko
