APPLIED: [PATCH][Disco] Trust CPU RNG to initialize kernel CRNG
Seth Forshee
seth.forshee at canonical.com
Mon Apr 8 18:12:16 UTC 2019
On Mon, Apr 08, 2019 at 11:23:28AM -0500, Seth Forshee wrote:
> BugLink: https://bugs.launchpad.net/bugs/1823754
>
> This option was changed in the master kernel shortly before kernel
> freeze, but I neglected to apply the same changes to derivatives. These
> patches are simply to bring the same change to the derivatives. raspi2
> and snapdragon are omitted as this option is not available for ARM.
>
> I'll also point out that annotations updates are only included for
> linux-azure. linux-aws and linux-kvm do not use annotations, and
> linux-gcp gets it by including the master kernel annotations.
>
> SRU Justification:
>
> Impact: Turning this option on will make our kernels by default trust
> the CPU's random number generator for the purpose of initializing the
> kernel's CRNG on Intel, AMD, and IBM CPUs. Users can disable this at
> boot time by passing random.trust_cpu=off. Turning this on has the
> potential to prevent getrandom(2) from blocking during early boot. This
> option was turned on in the master kernel shortly before disco kernel
> freeze; this bug is about propagating the option to derivative kernels.
>
> Regression Potential: No user-visible regressions are expected. Some
> security-conscious users may prefer to not trust the CPU maker's RNG,
> but in that case the boot option is available.
>
> Test Case: The benefit is difficult to verify empirically in Ubuntu
> kernels since we carry a patch to avoid problems with getrandom(2)
> blocking immediately following boot. However, it is possible to see
> whether or not the kernel used the CPU RNG for initializing the CRNG by
> searching for the string "random: crng done (trusting CPU's
> manufacturer)" in dmesg.
Applied all patches.
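
The dmesg check described in the test case above, as an added shell example that is not part of the original message or of any Ubuntu kernel tooling. The function names, status labels and sample log lines are constructed here, and only the "off" spelling given in the message is treated as an opt-out.

```shell
#!/bin/sh
# Added example (not from the original message): report whether the kernel
# CRNG was initialized by trusting the CPU RNG, from a saved dmesg log and
# the boot command line.

# Marker string quoted in the message above.
CRNG_TRUSTED_MSG="random: crng done (trusting CPU's manufacturer)"

# trust_cpu_param CMDLINE: print the value of random.trust_cpu= from the
# command line, or "unset". Assumption: if repeated, the last one is used.
trust_cpu_param() (
    set -f                      # no glob expansion while splitting tokens
    val=unset
    for tok in $1; do
        case $tok in
            random.trust_cpu=*) val=${tok#random.trust_cpu=} ;;
        esac
    done
    printf '%s\n' "$val"
)

# crng_status LOGFILE CMDLINE: print one of
#   trusted-cpu  marker string present in the log
#   opted-out    no marker, and random.trust_cpu=off was passed at boot
#   no-marker    neither (CPU RNG not used, or early messages rotated out)
crng_status() {
    if grep -qF -- "$CRNG_TRUSTED_MSG" "$1"; then
        echo trusted-cpu
    elif [ "$(trust_cpu_param "$2")" = off ]; then
        echo opted-out
    else
        echo no-marker
    fi
}

# Constructed sample log so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet
[    0.731204] random: crng done (trusting CPU's manufacturer)
EOF
crng_status "$sample" "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
rm -f "$sample"

# Live system: dmesg > log.txt; crng_status log.txt "$(cat /proc/cmdline)"
```

A "no-marker" result on a long-running host does not by itself show the CPU RNG was not used, since early boot messages may have left the kernel ring buffer.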