Jitter RNG ES: remove setting full entropy

smuellerDD · smuellerDD · commit fcee6e4cce57 · 2025-07-16T10:00:52.000+02:00
Reasons:

- Jitter RNG 2.2.0 in older kernels cannot produce full entropy (as you
rightfully pointed out, thanks!)

- Jitter RNG 3.x can produce full entropy (and that was the consideration of
the patch), but I should drop the lines nonetheless, because the now present
automatic resampling of entropy in [1] allows the LRNG to achieve full entropy
even of the ES does not provide full entropy. Therefore, there is no harm in
removing it these days.

Reported-by: Joshua Hill
Signed-off-by: Stephan Mueller &lt;smueller@chronox.de&gt;
diff --git a/lrng_es_jent.c b/lrng_es_jent.c
@@ -328,18 +328,6 @@ static int __init lrng_jent_initialize(void)
 	lrng_jent_initialized = true;
 	pr_debug("Jitter RNG working on current system\n");
 
-	/*
-	 * In FIPS mode, the Jitter RNG is defined to have full of entropy
-	 * unless a different value has been specified at the command line
-	 * (i.e. the user overrides the default), and the default value is
-	 * larger than zero (if it is zero, it is assumed that an RBG2(P) or
-	 * RBG2(NP) construction is attempted that intends to exclude the
-	 * Jitter RNG).
-	 */
-	if (fips_enabled && CONFIG_LRNG_JENT_ENTROPY_RATE > 0 &&
-	    jent_entropy == CONFIG_LRNG_JENT_ENTROPY_RATE)
-		jent_entropy = LRNG_DRNG_SECURITY_STRENGTH_BITS;
-
 	if (jent_entropy)
 		lrng_force_fully_seeded();
 
