On Tue, May 1, 2018 at 4:34 PM Tobin C. Harding <m...@tobin.cc> wrote:
> This option should NOT be enabled on production kernels.
I think with your fixes to get_random_bytes_arch(), it's perfectly fine to
use on production kernels (and doesn't even need a kernel command line
option).
It was only with the "use weak crypto" (that get_random_bytes_arch() used
to fall back on) that it was a problem. That fixed "verify that
get_random_bytes_arch() really uses hw crypto" is certainly not weak crypto.
Linus
