diff options
Diffstat (limited to '0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch')
| -rw-r--r-- | 0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch | 78 |
1 files changed, 0 insertions, 78 deletions
diff --git a/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch b/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch deleted file mode 100644 index 8a2f68f82..000000000 --- a/0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 39a8883a2b989d1d21bd8dd99f5557f0c5e89694 Mon Sep 17 00:00:00 2001 -From: Theodore Ts'o <tytso@mit.edu> -Date: Tue, 17 Jul 2018 18:24:27 -0400 -Subject: [PATCH] random: add a config option to trust the CPU's hwrng - -This gives the user building their own kernel (or a Linux -distribution) the option of deciding whether or not to trust the CPU's -hardware random number generator (e.g., RDRAND for x86 CPU's) as being -correctly implemented and not having a back door introduced (perhaps -courtesy of a Nation State's law enforcement or intelligence -agencies). - -This will prevent getrandom(2) from blocking, if there is a -willingness to trust the CPU manufacturer. - -Signed-off-by: Theodore Ts'o <tytso@mit.edu> ---- - drivers/char/Kconfig | 14 ++++++++++++++ - drivers/char/random.c | 11 ++++++++++- - 2 files changed, 24 insertions(+), 1 deletion(-) - -diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig -index 212f447938ae..ce277ee0a28a 100644 ---- a/drivers/char/Kconfig -+++ b/drivers/char/Kconfig -@@ -554,3 +554,17 @@ config ADI - - endmenu - -+config RANDOM_TRUST_CPU -+ bool "Trust the CPU manufacturer to initialize Linux's CRNG" -+ depends on X86 || S390 || PPC -+ default n -+ help -+ Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or -+ RDRAND, IBM for the S390 and Power PC architectures) is trustworthy -+ for the purposes of initializing Linux's CRNG. Since this is not -+ something that can be independently audited, this amounts to trusting -+ that CPU manufacturer (perhaps with the insistence or mandate -+ of a Nation State's intelligence or law enforcement agencies) -+ has not installed a hidden back door to compromise the CPU's -+ random number generation facilities. -+ -diff --git a/drivers/char/random.c b/drivers/char/random.c -index 34ddfd57419b..f4013b8a711b 100644 ---- a/drivers/char/random.c -+++ b/drivers/char/random.c -@@ -782,6 +782,7 @@ static void invalidate_batched_entropy(void); - static void crng_initialize(struct crng_state *crng) - { - int i; -+ int arch_init = 1; - unsigned long rv; - - memcpy(&crng->state[0], "expand 32-byte k", 16); -@@ -792,10 +793,18 @@ static void crng_initialize(struct crng_state *crng) - _get_random_bytes(&crng->state[4], sizeof(__u32) * 12); - for (i = 4; i < 16; i++) { - if (!arch_get_random_seed_long(&rv) && -- !arch_get_random_long(&rv)) -+ !arch_get_random_long(&rv)) { - rv = random_get_entropy(); -+ arch_init = 0; -+ } - crng->state[i] ^= rv; - } -+#ifdef CONFIG_RANDOM_TRUST_CPU -+ if (arch_init) { -+ crng_init = 2; -+ pr_notice("random: crng done (trusting CPU's manufacturer)\n"); -+ } -+#endif - crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; - } - --- -2.17.1 - |