Navigation: Linux Kernel Driver DataBase - web LKDDB: Main index - R index
The Linux kernel configuration item CONFIG_RANDOM_TRUST_CPU
has multiple definitions:
drivers/char/Kconfig
The configuration item CONFIG_RANDOM_TRUST_CPU:
(none)
Initialize the RNG using random numbers supplied by the CPU's RNG instructions (e.g. RDRAND), if supported and available. These random numbers are never used directly, but are rather hashed into the main input pool, and this happens regardless of whether or not this option is enabled. Instead, this option controls whether the they are credited and hence can initialize the RNG. Additionally, other sources of randomness are always used, regardless of this setting. Enabling this implies trusting that the CPU can supply high quality and non-backdoored random numbers.
Say Y here unless you have reason to mistrust your CPU or believe its RNG facilities may be faulty. This may also be configured at boot time with "random.trust_cpu=on/off".
drivers/char/Kconfig
The configuration item CONFIG_RANDOM_TRUST_CPU:
CONFIG_ARCH_RANDOM
Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or RDRAND, IBM for the S390 and Power PC architectures) is trustworthy for the purposes of initializing Linux's CRNG. Since this is not something that can be independently audited, this amounts to trusting that CPU manufacturer (perhaps with the insistence or mandate of a Nation State's intelligence or law enforcement agencies) has not installed a hidden back door to compromise the CPU's random number generation facilities. This can also be configured at boot with "random.trust_cpu=on/off".
Raw data from LKDDb:
(none)
This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).
The data is retrived from:
Popular queries:
Navigation: Linux Kernel Driver DataBase - web LKDDB: main index - R index
Automatically generated (in year 2024). See also LKDDb sources on GitLab