summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/Kconfig.debug24
1 files changed, 18 insertions, 6 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index c4159605bfbf..9d0a244074b9 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1209,10 +1209,9 @@ config STACKTRACE
It is also used by various kernel debugging features that require
stack trace generation.
-config WARN_UNSEEDED_RANDOM
- bool "Warn when kernel uses unseeded randomness"
- default y
- depends on DEBUG_KERNEL
+config WARN_ALL_UNSEEDED_RANDOM
+ bool "Warn for all uses of unseeded randomness"
+ default n
help
Some parts of the kernel contain bugs relating to their use of
cryptographically secure random numbers before it's actually possible
@@ -1222,8 +1221,21 @@ config WARN_UNSEEDED_RANDOM
are going wrong, so that they might contact developers about fixing
it.
- Say Y here, unless you simply do not care about using unseeded
- randomness and do not want a potential warning message in your logs.
+ Unfortunately, on some models of some architectures getting
+ a fully seeded CRNG is extremely difficult, and so this can
+ result in dmesg getting spammed for a surprisingly long
+ time. This is really bad from a security perspective, and
+ so architecture maintainers really need to do what they can
+ to get the CRNG seeded sooner after the system is booted.
+ However, since users can not do anything actionble to
+ address this, by default the kernel will issue only a single
+ warning for the first use of unseeded randomness.
+
+ Say Y here if you want to receive warnings for all uses of
+ unseeded randomness. This will be of use primarily for
+ those developers interersted in improving the security of
+ Linux kernels running on their architecture (or
+ subarchitecture).
config DEBUG_KOBJECT
bool "kobject debugging"