-
Notifications
You must be signed in to change notification settings - Fork 102
/
Kconfig
212 lines (169 loc) · 6.98 KB
/
Kconfig
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
# SPDX-License-Identifier: GPL-2.0
#
# Linux Random Number Generator configuration
#
menuconfig LRNG
bool "Linux Random Number Generator"
select CRYPTO_LIB_SHA256 if CRYPTO
help
The Linux Random Number Generator (LRNG) is the replacement
of the existing /dev/random provided with drivers/char/random.c.
It generates entropy from different noise sources and
delivers significant entropy during boot.
if LRNG
menu "Specific DRNG seeding strategies"
config LRNG_OVERSAMPLE_ENTROPY_SOURCES
bool "Oversample entropy sources"
default n
help
When enabling this option, the entropy sources are
over-sampled with the following approach: First, the
the entropy sources are requested to provide 64 bits more
entropy than the size of the entropy buffer. For example,
if the entropy buffer is 256 bits, 320 bits of entropy
is requested to fill that buffer.
Second, the seed operation of the deterministic RNG
requests 128 bits more data from each entropy source than
the security strength of the DRNG during initialization.
A prerequisite for this operation is that the digest size
of the used hash must be at least equally large to generate
that buffer. If the prerequisite is not met, this
oversampling is not applied.
This strategy is intended to offset the asymptotic entropy
increase to reach full entropy in a buffer.
The strategy is consistent with the requirements in
NIST SP800-90C and is only enforced with fips=1.
If unsure, say N.
config LRNG_OVERSAMPLE_ES_BITS
int
default 0 if !LRNG_OVERSAMPLE_ENTROPY_SOURCES
default 64 if LRNG_OVERSAMPLE_ENTROPY_SOURCES
config LRNG_SEED_BUFFER_INIT_ADD_BITS
int
default 0 if !LRNG_OVERSAMPLE_ENTROPY_SOURCES
default 128 if LRNG_OVERSAMPLE_ENTROPY_SOURCES
endmenu # "Specific DRNG seeding strategies"
menu "Entropy Source Configuration"
comment "Interrupt Entropy Source"
choice
prompt "Continuous entropy compression boot time setting"
default LRNG_CONTINUOUS_COMPRESSION_ENABLED
help
Select the default behavior of the interrupt entropy source
continuous compression operation.
The Linux RNG collects entropy data during each interrupt.
For performance reasons, a amount of entropy data defined by
the LRNG entropy collection pool size is concatenated into
an array. When that array is filled up, a hash is calculated
to compress the entropy. That hash is calculated in
interrupt context.
In case such hash calculation in interrupt context is deemed
too time-consuming, the continuous compression operation
can be disabled. If disabled, the collection of entropy will
not trigger a hash compression operation in interrupt context.
The compression happens only when the DRNG is reseeded which is
in process context. This implies that old entropy data
collected after the last DRNG-reseed is overwritten with newer
entropy data once the collection pool is full instead of
retaining its entropy with the compression operation.
config LRNG_CONTINUOUS_COMPRESSION_ENABLED
bool "Enable continuous compression (default)"
config LRNG_CONTINUOUS_COMPRESSION_DISABLED
bool "Disable continuous compression"
endchoice
config LRNG_ENABLE_CONTINUOUS_COMPRESSION
bool
default y if LRNG_CONTINUOUS_COMPRESSION_ENABLED
default n if LRNG_CONTINUOUS_COMPRESSION_DISABLED
config LRNG_SWITCHABLE_CONTINUOUS_COMPRESSION
bool "Runtime-switchable continuous entropy compression"
help
Per default, the interrupt entropy source continuous
compression operation behavior is hard-wired into the kernel.
Enable this option to allow it to be configurable at boot time.
To modify the default behavior of the continuous
compression operation, use the kernel command line option
of lrng_sw_noise.lrng_pcpu_continuous_compression.
If unsure, say N.
choice
prompt "LRNG Entropy Collection Pool Size"
default LRNG_COLLECTION_SIZE_1024
help
Select the size of the LRNG entropy collection pool
storing data for the interrupt entropy source without
performing a compression operation. The larger the
collection size is, the faster the average interrupt
handling will be. The collection size represents the
number of bytes of the per-CPU memory used to batch
up entropy event data.
The default value is good for regular operations. Choose
larger sizes for servers that have no memory limitations.
If runtime memory is precious, choose a smaller size.
The collection size is unrelated to the entropy rate
or the amount of entropy the LRNG can process.
config LRNG_COLLECTION_SIZE_32
depends on LRNG_CONTINUOUS_COMPRESSION_ENABLED
depends on !LRNG_SWITCHABLE_CONTINUOUS_COMPRESSION
depends on !LRNG_OVERSAMPLE_ENTROPY_SOURCES
bool "32 interrupt events"
config LRNG_COLLECTION_SIZE_256
depends on !LRNG_OVERSAMPLE_ENTROPY_SOURCES
bool "256 interrupt events"
config LRNG_COLLECTION_SIZE_512
bool "512 interrupt events"
config LRNG_COLLECTION_SIZE_1024
bool "1024 interrupt events (default)"
config LRNG_COLLECTION_SIZE_2048
bool "2048 interrupt events"
config LRNG_COLLECTION_SIZE_4096
bool "4096 interrupt events"
config LRNG_COLLECTION_SIZE_8192
bool "8192 interrupt events"
endchoice
config LRNG_COLLECTION_SIZE
int
default 32 if LRNG_COLLECTION_SIZE_32
default 256 if LRNG_COLLECTION_SIZE_256
default 512 if LRNG_COLLECTION_SIZE_512
default 1024 if LRNG_COLLECTION_SIZE_1024
default 2048 if LRNG_COLLECTION_SIZE_2048
default 4096 if LRNG_COLLECTION_SIZE_4096
default 8192 if LRNG_COLLECTION_SIZE_8192
config LRNG_IRQ_ENTROPY_RATE
int "Interrupt Entropy Source Entropy Rate"
range 256 4294967295
default 256
help
The LRNG will collect the configured number of interrupts to
obtain 256 bits of entropy. This value can be set to any between
256 and 4294967295. The LRNG guarantees that this value is not
lower than 256. This lower limit implies that one interrupt event
is credited with one bit of entropy. This value is subject to the
increase by the oversampling factor, if no high-resolution timer
is found.
In order to effectively disable the interrupt entropy source,
the option has to be set to 4294967295. In this case, the
interrupt entropy source will still deliver data but without
being credited with entropy.
comment "CPU Entropy Source"
config LRNG_CPU_ENTROPY_RATE
int "CPU Entropy Source Entropy Rate"
range 0 256
default 8
help
The option defines the amount of entropy the LRNG applies to 256
bits of data obtained from the CPU entropy source. The LRNG
enforces the limit that this value must be in the range between
0 and 256.
In order to disable the CPU entropy source, the option has to
be set to 0.
Note, this option is overwritten when the option
CONFIG_RANDOM_TRUST_CPU is set.
endmenu # "Entropy Source Configuration"
menuconfig LRNG_DRNG_SWITCH
bool "Support DRNG runtime switching"
help
The Linux RNG per default uses a ChaCha20 DRNG that is
accessible via the external interfaces. With this configuration
option other DRNGs can be selected and loaded at runtime.
endif # LRNG