On Wed, Apr 17, 2019 at 11:36 AM Lennart Poettering <mzerq...@0pointer.de> wrote: > > Yeah, all that stuff is stuff the kernel could do better on its > own. If the CPU jitter stuff or the TPM stuff is a good idea, then why > not add that to the kernel natively, why involve userspace with that? > i.e. if the TPM and the CPU jitter stuff can be trusted, then the same > thing as for CONFIG_RANDOM_TRUST_CPU=y should be done: pass the random > data into the pool directly inside in the kernel.
$ grep CONFIG_HW_RANDOM_TPM /boot/config-5.0.6-300.fc30.x86_64 CONFIG_HW_RANDOM_TPM=y I've got no idea if this is for TPM 1.x or 2.x or both. > Well, no. I mean, the only way you can do that is by turning rngd into > its own init system, if you want it to run before the init > system. /usr/lib/systemd/system/rngd.service contains WantedBy=multi-user.target I'm gonna guess Steve Grubb is wondering whether it could be wanted by an earlier target, possibly cryptsetup-pre.target? I don't see a service file in the upstream project so this may have been selected by the Fedora packager as a known to work option. -- Chris Murphy _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
