On Tue, May 1, 2018 at 4:34 PM Tobin C. Harding <m...@tobin.cc> wrote:
> This option should NOT be enabled on production kernels. I think with your fixes to get_random_bytes_arch(), it's perfectly fine to use on production kernels (and doesn't even need a kernel command line option). It was only with the "use weak crypto" (that get_random_bytes_arch() used to fall back on) that it was a problem. That fixed "verify that get_random_bytes_arch() really uses hw crypto" is certainly not weak crypto. Linus