linux: enable RANDOM_TRUST_CPU
Allows the RDRAND instruction to seed the kernel RNG. This should lead to faster CRNG initialization, since the kernel can use the processors capabilities directly. This is default enabled in Debian [1] and Fedora [2] as well. [1]: https://salsa.debian.org/kernel-team/linux/-/blob/debian/5.10.13-1/debian/config/config#L459 [2]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_4907
This commit is contained in:
parent
3061c1a183
commit
368bdd13f6
@ -435,6 +435,8 @@ let
|
||||
SECURITY_APPARMOR = yes;
|
||||
DEFAULT_SECURITY_APPARMOR = yes;
|
||||
|
||||
RANDOM_TRUST_CPU = yes; # allow RDRAND to seed the RNG
|
||||
|
||||
MODULE_SIG = no; # r13y, generates a random key during build and bakes it in
|
||||
# Depends on MODULE_SIG and only really helps when you sign your modules
|
||||
# and enforce signatures which we don't do by default.
|
||||
|
Loading…
Reference in New Issue
Block a user