diff options
author | H. Peter Anvin <hpa@linux.intel.com> | 2014-03-18 00:36:28 +0100 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2014-03-20 03:22:06 +0100 |
commit | 83664a6928a420b5ccfc0cf23ddbfe3634fea271 (patch) | |
tree | b8849a88a88a0894c1131a0234100a98b0d73d02 /net/key | |
parent | x86, random: Enable the RDSEED instruction (diff) | |
download | linux-83664a6928a420b5ccfc0cf23ddbfe3634fea271.tar.xz linux-83664a6928a420b5ccfc0cf23ddbfe3634fea271.zip |
random: Use arch_get_random_seed*() at init time and once a second
Use arch_get_random_seed*() in two places in the Linux random
driver (drivers/char/random.c):
1. During entropy pool initialization, use RDSEED in favor of RDRAND,
with a fallback to the latter. Entropy exhaustion is unlikely to
happen there on physical hardware as the machine is single-threaded
at that point, but could happen in a virtual machine. In that
case, the fallback to RDRAND will still provide more than adequate
entropy pool initialization.
2. Once a second, issue RDSEED and, if successful, feed it to the
entropy pool. To ensure an extra layer of security, only credit
half the entropy just in case.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Diffstat (limited to 'net/key')
0 files changed, 0 insertions, 0 deletions