linux: enable RANDOM_TRUST_CPU

Allows the RDRAND instruction to seed the kernel RNG. This should lead
to faster CRNG initialization, since the kernel can use the processors
capabilities directly. This is default enabled in Debian [1] and Fedora
[2] as well.

[1]: https://salsa.debian.org/kernel-team/linux/-/blob/debian/5.10.13-1/debian/config/config#L459
[2]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_4907
This commit is contained in:
Rouven Czerwinski 2021-02-24 05:35:03 +01:00 committed by Tim Steinbach
parent 3061c1a183
commit 368bdd13f6

View File

@ -435,6 +435,8 @@ let
SECURITY_APPARMOR = yes;
DEFAULT_SECURITY_APPARMOR = yes;
RANDOM_TRUST_CPU = yes; # allow RDRAND to seed the RNG
MODULE_SIG = no; # r13y, generates a random key during build and bakes it in
# Depends on MODULE_SIG and only really helps when you sign your modules
# and enforce signatures which we don't do by default.