** Changed in: linux-aws (Ubuntu)
   Importance: Undecided => High

** Changed in: linux-aws (Ubuntu)
   Status: New => In Progress

** Changed in: linux-aws (Ubuntu)
   Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux-gcp (Ubuntu)
   Importance: Undecided => High

** Changed in: linux-gcp (Ubuntu)
   Status: New => In Progress

** Changed in: linux-gcp (Ubuntu)
   Assignee: (unassigned) => Seth Forshee (sforshee)

** Changed in: linux-kvm (Ubuntu)
   Importance: Undecided => High

** Changed in: linux-kvm (Ubuntu)
   Status: New => In Progress

** Changed in: linux-kvm (Ubuntu)
   Assignee: (unassigned) => Seth Forshee (sforshee)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-gcp in Ubuntu.
https://bugs.launchpad.net/bugs/1823754

Title:
  Set CONFIG_RANDOM_TRUST_CPU=y

Status in linux-aws package in Ubuntu:
  In Progress
Status in linux-azure package in Ubuntu:
  In Progress
Status in linux-gcp package in Ubuntu:
  In Progress
Status in linux-kvm package in Ubuntu:
  In Progress

Bug description:
  SRU Justification

  Impact: Turning this option on will make our kernels by default trust
  the CPU's random number generator for the purpose of initializing the
  kernel's CRNG on Intel, AMD, and IBM CPUs. Users can disable this at
  boot time by passing random.trust_cpu=off. Turning this on has the
  potential to prevent getrandom(2) from blocking during early boot.

  This option was turned on in the master kernel shortly before disco
  kernel freeze; this bug is about propagating the option to derivative
  kernels.

  Regression Potential: No user-visible regressions are expected. Some
  security-conscious users may prefer to not trust the CPU maker's RNG,
  but in that case the boot option is available.

  Test Case: The benefit is difficult to verify empirically in Ubuntu
  kernels since we carry a patch to avoid problems with getrandom(2)
  blocking immediately following boot. However, it is possible to see
  whether or not the kernel used the CPU RNG for initializing the CRNG
  by searching for the string "random: crng done (trusting CPU's
  manufacturer)" in dmesg.
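The test case in the bug description, as an added example (not part of the bug report or of Ubuntu's tooling): a shell helper that classifies a boot from dmesg text, the kernel command line and the kernel config. The function name, the state names and the sample inputs are assumptions made for illustration; `random.trust_cpu=on` is the counterpart of the `=off` switch the report mentions.

```shell
#!/bin/sh
# Added example: crng_trust_state is a hypothetical helper, not Ubuntu tooling.
# String quoted in the bug report's test case.
MARKER="random: crng done (trusting CPU's manufacturer)"

# Usage: crng_trust_state DMESG_TEXT CMDLINE CONFIG_TEXT
# Prints: cpu-trusted | disabled-at-boot | not-enabled | expected-but-not-seen
# Live call (assumes the Ubuntu config path /boot/config-<release>):
#   crng_trust_state "$(dmesg)" "$(cat /proc/cmdline)" \
#                    "$(cat "/boot/config-$(uname -r)")"
crng_trust_state() (
    set -f    # no globbing while splitting the command line (subshell only)
    dmesg_text=$1; cmdline=$2; config=$3

    # dmesg is the ground truth: the marker shows the CPU RNG seeded the CRNG.
    if printf '%s\n' "$dmesg_text" | grep -qF -- "$MARKER"; then
        echo cpu-trusted
        exit 0
    fi

    # Build-time default taken from the kernel config.
    want=off; source=config
    if printf '%s\n' "$config" | grep -qx 'CONFIG_RANDOM_TRUST_CPU=y'; then
        want=on
    fi

    # Boot-time override; a later occurrence on the command line wins.
    for arg in $cmdline; do
        case $arg in
            random.trust_cpu=off) want=off; source=cmdline ;;
            random.trust_cpu=on)  want=on;  source=cmdline ;;
        esac
    done

    if [ "$want" = on ]; then
        # Trust was requested but the marker is missing: the CPU may lack a
        # usable RNG instruction, or the early lines left the ring buffer.
        echo expected-but-not-seen
    elif [ "$source" = cmdline ]; then
        echo disabled-at-boot
    else
        echo not-enabled
    fi
)

# Constructed sample input (not captured from a real system).
SAMPLE_DMESG="[    0.000000] constructed sample boot line
[    0.412345] random: crng done (trusting CPU's manufacturer)"
crng_trust_state "$SAMPLE_DMESG" "ro quiet" "CONFIG_RANDOM_TRUST_CPU=y"
```

An `expected-but-not-seen` result on a long-running host is worth re-checking against a persistent boot log before concluding that the option had no effect.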