From: "Jason A. Donenfeld"
Subject: Re: [kernel-hardening] [PATCH] random: warn when kernel uses unseeded randomness
Date: Thu, 22 Jun 2017 02:04:57 +0200
To: "Theodore Ts'o", Michael Ellerman, "Jason A. Donenfeld", Jeffrey Walton, tglx@breakpoint.cc, David Miller, Linus Torvalds, Eric Biggers, LKML, Greg Kroah-Hartman, kernel-hardening@lists.openwall.com, Linux Crypto Mailing List
In-Reply-To: <20170621203824.khyt6uqxghhdromi@thunk.org>
References: <20170621000300.11646-1-Jason@zx2c4.com> <87k245ub5y.fsf@concordia.ellerman.id.au> <20170621203824.khyt6uqxghhdromi@thunk.org>

Hi Ted,

On Wed, Jun 21, 2017 at 10:38 PM, Theodore Ts'o wrote:
> I agree completely with all of this. The following patch replaces the
> current topmost patch on the random.git tree:
> For developers who want to work on improving this situation,
> CONFIG_WARN_UNSEEDED_RANDOM has been renamed to
> CONFIG_WARN_ALL_UNSEEDED_RANDOM. By default the kernel will always
> print the first use of unseeded randomness. This way, hopefully the
> security obsessed will be happy that there is _some_ indication when
> the kernel boots there may be a potential issue with that architecture
> or subarchitecture. To see all uses of unseeded randomness,
> developers can enable CONFIG_WARN_ALL_UNSEEDED_RANDOM.

Seems fine to me.

Acked-by: Jason A. Donenfeld

Jason