linux: enable RANDOM_TRUST_CPU

Allows the RDRAND instruction to seed the kernel RNG. This should lead
to faster CRNG initialization, since the kernel can use the processor's
capabilities directly. This is default enabled in Debian [1] and Fedora
[2] as well.

[1]: https://salsa.debian.org/kernel-team/linux/-/blob/debian/5.10.13-1/debian/config/config#L459
[2]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_4907

authored by Rouven Czerwinski and committed by Tim Steinbach 368bdd13 3061c1a1

+2
pkgs/os-specific/linux/kernel/common-config.nix
··· 435 SECURITY_APPARMOR = yes; 436 DEFAULT_SECURITY_APPARMOR = yes; 437 438 MODULE_SIG = no; # r13y, generates a random key during build and bakes it in 439 # Depends on MODULE_SIG and only really helps when you sign your modules 440 # and enforce signatures which we don't do by default.
··· 435 SECURITY_APPARMOR = yes; 436 DEFAULT_SECURITY_APPARMOR = yes; 437 438 + RANDOM_TRUST_CPU = yes; # allow RDRAND to seed the RNG 439 + 440 MODULE_SIG = no; # r13y, generates a random key during build and bakes it in 441 # Depends on MODULE_SIG and only really helps when you sign your modules 442 # and enforce signatures which we don't do by default.
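Review bot: The inline comment on the added `RANDOM_TRUST_CPU = yes;` line states only the mechanism ("allow RDRAND to seed the RNG") and not the decision behind it. With this set, the kernel trusts the CPU's RDRAND output when seeding its RNG, and the reason given in the commit message (faster CRNG initialization) does not appear in the file. The neighbouring `MODULE_SIG = no;` entry explains its rationale inline, and the same treatment here would let a later reader judge the trade-off without digging up the commit. Because this lands in common-config.nix, please also confirm the option exists in every kernel version this file is applied to, or gate it accordingly.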