diff options
Diffstat (limited to 'lib/Kconfig.debug')
-rw-r--r-- | lib/Kconfig.debug | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index c4159605bfbf..9d0a244074b9 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1209,10 +1209,9 @@ config STACKTRACE It is also used by various kernel debugging features that require stack trace generation. -config WARN_UNSEEDED_RANDOM - bool "Warn when kernel uses unseeded randomness" - default y - depends on DEBUG_KERNEL +config WARN_ALL_UNSEEDED_RANDOM + bool "Warn for all uses of unseeded randomness" + default n help Some parts of the kernel contain bugs relating to their use of cryptographically secure random numbers before it's actually possible @@ -1222,8 +1221,21 @@ config WARN_UNSEEDED_RANDOM are going wrong, so that they might contact developers about fixing it. - Say Y here, unless you simply do not care about using unseeded - randomness and do not want a potential warning message in your logs. + Unfortunately, on some models of some architectures getting + a fully seeded CRNG is extremely difficult, and so this can + result in dmesg getting spammed for a surprisingly long + time. This is really bad from a security perspective, and + so architecture maintainers really need to do what they can + to get the CRNG seeded sooner after the system is booted. + However, since users can not do anything actionble to + address this, by default the kernel will issue only a single + warning for the first use of unseeded randomness. + + Say Y here if you want to receive warnings for all uses of + unseeded randomness. This will be of use primarily for + those developers interersted in improving the security of + Linux kernels running on their architecture (or + subarchitecture). config DEBUG_KOBJECT bool "kobject debugging" |