Control: retitle -1 set jitterentropy_rng.ko to built-in Control: reassign -1 src:linux
On Tue, 30 Apr 2019 11:38:00 +0000 Patrick Schleizer < adrela...@riseup.net > wrote: > On https://www.whonix.org/pipermail/whonix-devel/2019-April/001371.html > its developer wrote: > > > [...] > > - the in-kernel crypto API has an RNG framework that provides a DRBG. > This > DRBG is used for in-kernel crypto API purposes. It may be accessed from > user > space via AF_ALG [2]. Yet, this is not accessible from /dev/random, /dev/ > urandom or getrandom. The DRBG uses the in-kernel JitterRNG to seed itself. > > [...] > > Better entropy for in-kernel crypto API purposes sounds good as a > general security enhancement. > > Fedora enables this kernel module by default, too. > > Does this sound like a good idea to enable loading this kernel module by > default in Debian? Dear kernel maintainers, I apologise for the ping-pong, but this bug is now a request from the reporter to change the kernel module to built-in, so reassigning to src:linux : On Fri, 2019-04-26 at 16:47 +0000, proc...@riseup.net wrote: > OK. I found out this is not a problem on Fedora stations likely > because > they have the module built with 'y' instead of 'm'. Can you please > add > this to your next point release? I guess it might make sense on the cloud images, although I have not nearly enough knowledge and no strong opinions on the matter. Thanks! -- Kind regards, Luca Boccassi
signature.asc
Description: This is a digitally signed message part