Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 39a8883a authored by Theodore Ts'o's avatar Theodore Ts'o
Browse files

random: add a config option to trust the CPU's hwrng 



This gives the user building their own kernel (or a Linux
distribution) the option of deciding whether or not to trust the CPU's
hardware random number generator (e.g., RDRAND for x86 CPU's) as being
correctly implemented and not having a back door introduced (perhaps
courtesy of a Nation State's law enforcement or intelligence
agencies).

This will prevent getrandom(2) from blocking, if there is a
willingness to trust the CPU manufacturer.

Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
parent 3672476e

drivers/char/Kconfig

+14 −0
Original line number Diff line number Diff line
@@ -554,3 +554,17 @@ config ADI 


endmenu



config RANDOM_TRUST_CPU

	bool "Trust the CPU manufacturer to initialize Linux's CRNG"

	depends on X86 || S390 || PPC

	default n

	help

	Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or

	RDRAND, IBM for the S390 and Power PC architectures) is trustworthy

	for the purposes of initializing Linux's CRNG.  Since this is not

	something that can be independently audited, this amounts to trusting

	that CPU manufacturer (perhaps with the insistence or mandate

	of a Nation State's intelligence or law enforcement agencies)

	has not installed a hidden back door to compromise the CPU's

	random number generation facilities.

drivers/char/random.c

+10 −1
Original line number Diff line number Diff line
@@ -782,6 +782,7 @@ static void invalidate_batched_entropy(void); 
static void crng_initialize(struct crng_state *crng)

{

	int		i;

	int		arch_init = 1;

	unsigned long	rv;



	memcpy(&crng->state[0], "expand 32-byte k", 16);
@@ -792,10 +793,18 @@ static void crng_initialize(struct crng_state *crng) 
		_get_random_bytes(&crng->state[4], sizeof(__u32) * 12);

	for (i = 4; i < 16; i++) {

		if (!arch_get_random_seed_long(&rv) &&

		    !arch_get_random_long(&rv))

		    !arch_get_random_long(&rv)) {

			rv = random_get_entropy();

			arch_init = 0;

		}

		crng->state[i] ^= rv;

	}

#ifdef CONFIG_RANDOM_TRUST_CPU

	if (arch_init) {

		crng_init = 2;

		pr_notice("random: crng done (trusting CPU's manufacturer)\n");

	}

#endif

	crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1;

}