ACK: [PATCH][Disco] Trust CPU RNG to initialize kernel CRNG
Colin Ian King
colin.king at canonical.com
Mon Apr 8 18:03:33 UTC 2019
On 08/04/2019 17:23, Seth Forshee wrote:
> BugLink: https://bugs.launchpad.net/bugs/1823754
>
> This option was changed in the master kernel shortly before kernel
> freeze, but I neglected to apply the same changes to derivatives. These
> patches are simply to bring the same change to the derivatives. raspi2
> and snapdragon are omitted as this option is not available for ARM.
>
> I'll also point out that annotations updates are only included for
> linux-azure. linux-aws and linux-kvm do not use annotations, and
> linux-gcp gets it by including the master kernel annotations.
>
> SRU Justification:
>
> Impact: Turning this option on will make our kernels by default trust
> the CPU's random number generator for the purpose of initializing the
> kernel's CRNG on Intel, AMD, and IBM CPUs. Users can disable this at
> boot time by passing random.trust_cpu=off. Turning this on has the
> potential to prevent getrandom(2) from blocking during early boot. This
> option was turned on in the master kernel shortly before disco kernel
> freeze; this bug is about propagating the option to derivative kernels.
>
> Regression Potential: No user-visible regressions are expected. Some
> security-conscious users may prefer to not trust the CPU maker's RNG,
> but in that case the boot options is available.
>
> Test Case: The benefit is difficult to verify empirically in Ubuntu
> kernels since we carry a patch to avoid problems with getrandom(2)
> blocking immediately following boot. However, it is possible to see
> whether or not the kernel used the CPU RNG for initializing the CRNG by
> searching for the string "random: crng done (trusting CPU's
> manufacturer)" in dmesg.
>
> Thanks,
> Seth
>
Yep, let's keep all these aligned.
Acked-by: Colin Ian King <colin.king at canonical.com>
More information about the kernel-team
mailing list