CONFIG_WARN_ALL_UNSEEDED_RANDOM: Warn for all uses of unseeded randomness

General informations

The Linux kernel configuration item CONFIG_WARN_ALL_UNSEEDED_RANDOM:

• prompt: Warn for all uses of unseeded randomness
• type: bool
• depends on: (none)
• defined in lib/Kconfig.debug
• found in Linux kernels: 4.13–4.20, 5.0–5.19, 6.0–6.8, 6.9-rc+HEAD

Help text

Some parts of the kernel contain bugs relating to their use of cryptographically secure random numbers before it's actually possible to generate those numbers securely. This setting ensures that these flaws don't go unnoticed, by enabling a message, should this ever occur. This will allow people with obscure setups to know when things are going wrong, so that they might contact developers about fixing it.

Unfortunately, on some models of some architectures getting a fully seeded CRNG is extremely difficult, and so this can result in dmesg getting spammed for a surprisingly long time. This is really bad from a security perspective, and so architecture maintainers really need to do what they can to get the CRNG seeded sooner after the system is booted. However, since users cannot do anything actionable to address this, by default this option is disabled.

Say Y here if you want to receive warnings for all uses of unseeded randomness. This will be of use primarily for those developers interested in improving the security of Linux kernels running on their architecture (or subarchitecture).

Hardware

LKDDb

Raw data from LKDDb:

• (none)

Sources

This page is automaticly generated with free (libre, open) software lkddb(see lkddb-sources).

The data is retrived from:

• Linux kernel
• Linux Kernel Driver DataBase (LKDDb)

Automatic links from Google (and ads)

Custom Search

Popular queries: