alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

linux: enable RANDOM_TRUST_CPU

Browse source 
Allows the RDRAND instruction to seed the kernel RNG. This should lead
to faster CRNG initialization, since the kernel can use the processors
capabilities directly. This is default enabled in Debian [1] and Fedora
[2] as well.

[1]: https://salsa.debian.org/kernel-team/linux/-/blob/debian/5.10.13-1/debian/config/config#L459
[2]: https://src.fedoraproject.org/rpms/kernel/blob/rawhide/f/kernel-x86_64-fedora.config#_4907
This commit is contained in:
Rouven Czerwinski 2021-02-24 05:35:03 +01:00 committed by Tim Steinbach
parent 3061c1a183
commit 368bdd13f6
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pkgs/os-specific/linux/kernel/common-config.nix
View file

@ -435,6 +435,8 @@ let
SECURITY_APPARMOR = yes;
DEFAULT_SECURITY_APPARMOR = yes;
RANDOM_TRUST_CPU = yes; # allow RDRAND to seed the RNG
MODULE_SIG = no; # r13y, generates a random key during build and bakes it in
# Depends on MODULE_SIG and only really helps when you sign your modules
# and enforce signatures which we don't do by default.