kernel: Initialize RNG using CPU RNG and bootloader

This activates the following kernel options by default:
* CONFIG_RANDOM_TRUST_CPU
* CONFIG_RANDOM_TRUST_BOOTLOADER

With these option Linux will also use data from the CPU RNG e.g. RDRAND
and the bootloader to initialize the Linux RNG if such sources are
available.
These random bits are used in addition to the other sources, no other
sources are getting deactivated. I read that the Chacha mixer isn't
vulnerable to injected entropy, so this should not be a problem even if
these sources might inject bad random data.

The Linux kernel suggests to activate both options, Debian also
activates them. This does not increase kernel code size.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

diff --git a/target/linux/generic/config-5.10 b/target/linux/generic/config-5.10
index cde0fdb0a04078fbd2483aed7e233c9151addefd..3358329848561c9e087e75ca2eedfd943817e20d 100644 (file)
--- a/target/linux/generic/config-5.10
+++ b/target/linux/generic/config-5.10
@@ -4704,8 +4704,8 @@ CONFIG_PWRSEQ_SIMPLE=y
 # CONFIG_RALINK is not set
 # CONFIG_RANDOM32_SELFTEST is not set
 # CONFIG_RANDOMIZE_BASE is not set
-# CONFIG_RANDOM_TRUST_BOOTLOADER is not set
-# CONFIG_RANDOM_TRUST_CPU is not set
+CONFIG_RANDOM_TRUST_BOOTLOADER=y
+CONFIG_RANDOM_TRUST_CPU=y
 # CONFIG_RAPIDIO is not set
 # CONFIG_RAS is not set
 # CONFIG_RAW_DRIVER is not set

diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15
index 239a64523102542a32e05d7c8463db6ba8910887..004688c4707d573c063bd916db973b0c12734f3c 100644 (file)
--- a/target/linux/generic/config-5.15
+++ b/target/linux/generic/config-5.15
@@ -4946,8 +4946,8 @@ CONFIG_PWRSEQ_SIMPLE=y
 # CONFIG_RANDOM32_SELFTEST is not set
 # CONFIG_RANDOMIZE_BASE is not set
 # CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set
-# CONFIG_RANDOM_TRUST_BOOTLOADER is not set
-# CONFIG_RANDOM_TRUST_CPU is not set
+CONFIG_RANDOM_TRUST_BOOTLOADER=y
+CONFIG_RANDOM_TRUST_CPU=y
 # CONFIG_RAPIDIO is not set
 # CONFIG_RAS is not set
 # CONFIG_RAW_DRIVER is not set