From: "Jason A. Donenfeld"
Date: Thu, 22 Jun 2017 02:04:57 +0200
Subject: Re: [kernel-hardening] [PATCH] random: warn when kernel uses unseeded randomness
To: "Theodore Ts'o", Michael Ellerman, "Jason A. Donenfeld", Jeffrey Walton, tglx@breakpoint.cc, David Miller, Linus Torvalds, Eric Biggers, LKML, Greg Kroah-Hartman, kernel-hardening@lists.openwall.com, Linux Crypto Mailing List
In-Reply-To: <20170621203824.khyt6uqxghhdromi@thunk.org>
References: <20170621000300.11646-1-Jason@zx2c4.com> <87k245ub5y.fsf@concordia.ellerman.id.au> <20170621203824.khyt6uqxghhdromi@thunk.org>
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Ted,

On Wed, Jun 21, 2017 at 10:38 PM, Theodore Ts'o wrote:
> I agree completely with all of this. The following patch replaces the
> current topmost patch on the random.git tree:
> For developers who want to work on improving this situation,
> CONFIG_WARN_UNSEEDED_RANDOM has been renamed to
> CONFIG_WARN_ALL_UNSEEDED_RANDOM. By default the kernel will always
> print the first use of unseeded randomness. This way, hopefully the
> security obsessed will be happy that there is _some_ indication when
> the kernel boots there may be a potential issue with that architecture
> or subarchitecture. To see all uses of unseeded randomness,
> developers can enable CONFIG_WARN_ALL_UNSEEDED_RANDOM.

Seems fine to me.

Acked-by: Jason A. Donenfeld

Jason