[PATCH][Disco] Trust CPU RNG to initialize kernel CRNG

Seth Forshee seth.forshee at canonical.com
Mon Apr 8 16:23:28 UTC 2019


BugLink: https://bugs.launchpad.net/bugs/1823754

This option was changed in the master kernel shortly before kernel
freeze, but I neglected to apply the same changes to derivatives. These
patches are simply to bring the same change to the derivatives. raspi2
and snapdragon are omitted as this option is not available for ARM.

I'll also point out that annotations updates are only included for
linux-azure. linux-aws and linux-kvm do not use annotations, and
linux-gcp gets it by including the master kernel annotations.

SRU Justification:

Impact: Turning this option on will make our kernels by default trust
the CPU's random number generator for the purpose of initializing the
kernel's CRNG on Intel, AMD, and IBM CPUs. Users can disable this at
boot time by passing random.trust_cpu=off. Turning this on has the
potential to prevent getrandom(2) from blocking during early boot. This
option was turned on in the master kernel shortly before disco kernel
freeze; this bug is about propagating the option to derivative kernels.

Regression Potential: No user-visible regressions are expected. Some
security-conscious users may prefer to not trust the CPU maker's RNG,
but in that case the boot option is available.

Test Case: The benefit is difficult to verify empirically in Ubuntu
kernels since we carry a patch to avoid problems with getrandom(2)
blocking immediately following boot. However, it is possible to see
whether or not the kernel used the CPU RNG for initializing the CRNG by
searching for the string "random: crng done (trusting CPU's
manufacturer)" in dmesg.

Thanks,
Seth
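
An added example, not part of the original message: a shell check for the Test Case above that classifies a kernel log and command line by whether the CRNG was initialized from the CPU RNG. The function name, the result labels, and the use of the "Linux version" boot banner to detect a log that has lost its early-boot lines are assumptions of this example; the sample logs are constructed.

```shell
#!/bin/sh
# Classify how the kernel CRNG was initialized, given the kernel log text and
# the kernel command line. On a live system (reading the log may need root):
#   crng_seed_source "$(dmesg)" "$(cat /proc/cmdline)"

# String quoted in the Test Case of the message above.
MARKER="random: crng done (trusting CPU's manufacturer)"

# Constructed sample logs (not captured from a real system).
SAMPLE_TRUSTED="[    0.000000] Linux version X.Y.Z (constructed sample)
[    0.412345] random: crng done (trusting CPU's manufacturer)"
SAMPLE_NOT_TRUSTED="[    0.000000] Linux version X.Y.Z (constructed sample)
[    9.876543] random: crng init done"
SAMPLE_WRAPPED="[ 5021.000001] usb 1-1: new high-speed USB device (constructed sample)"

# Prints exactly one of:
#   cpu-trusted       marker present in the log
#   log-truncated     marker absent, but so is the boot banner: the ring buffer
#                     has likely wrapped, so absence of the marker proves nothing
#   disabled-at-boot  marker absent and random.trust_cpu=off was passed
#   not-cpu-seeded    marker absent with no opt-out on the command line
crng_seed_source() {
    log=$1
    cmdline=$2
    case $log in
        *"$MARKER"*) echo cpu-trusted; return 0 ;;
    esac
    # Assumption of this example: a complete boot log contains the
    # "Linux version" banner printed at the very start of boot.
    case $log in
        *"Linux version "*) ;;
        *) echo log-truncated; return 0 ;;
    esac
    # Only the spelling given in the message (random.trust_cpu=off) is matched.
    case " $cmdline " in
        *" random.trust_cpu=off "*) echo disabled-at-boot ;;
        *) echo not-cpu-seeded ;;
    esac
}

# Demo on the constructed samples.
crng_seed_source "$SAMPLE_TRUSTED" "ro quiet"
crng_seed_source "$SAMPLE_NOT_TRUSTED" "ro random.trust_cpu=off quiet"
crng_seed_source "$SAMPLE_WRAPPED" "ro quiet"
```

The log takes precedence over the command line because it records what the kernel actually did.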


