From: Jeffrey Walton
Reply-To: noloader@gmail.com
Date: Wed, 18 Jul 2018 02:46:55 -0400
Subject: Re: [PATCH] random: add a config option to trust the CPU's hwrng
To: "Theodore Ts'o"
Cc: Linux Crypto Mailing List, Linux Kernel Developers List, Laura Abbott
In-Reply-To: <20180718014344.1309-1-tytso@mit.edu>
References: <20180718014344.1309-1-tytso@mit.edu>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jul 17, 2018 at 9:43 PM, Theodore Ts'o wrote:
> This gives the user building their own kernel (or a Linux
> distribution) the option of deciding whether or not to trust the CPU's
> hardware random number generator (e.g., RDRAND for x86 CPU's) as being
> correctly implemented and not having a back door introduced (perhaps
> courtesy of a Nation State's law enforcement or intelligence
> agencies).

+1. Allowing the user to set local policy is a good idea. Thanks for that.