projects / kconfig-hardened-check.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7f9ca33) | patch
Improve the HW_RANDOM_TPM check
authorAlexander Popov <alex.popov@linux.com>
Sun, 9 Oct 2022 18:04:19 +0000 (21:04 +0300)
committerAlexander Popov <alex.popov@linux.com>
Sun, 9 Oct 2022 18:04:19 +0000 (21:04 +0300)
commit5d58ae21516ac9f7b92e6ba98927ec5f2bb7e073
tree07ae6592d90af79c95a3ed19203ec8fc0a6fa67ctree | snapshot (zip tar.gz)
parent7f9ca336e7f48c966e18fece3804f8a3de5ce9b5commit | diff
Improve the HW_RANDOM_TPM check

RANDOM_TRUST_BOOTLOADER and RANDOM_TRUST_CPU should be disabled if
HW_RANDOM_TPM is enabled.

The Clip OS description:
Do not credit entropy included in Linux’s entropy pool when generated
by the CPU manufacturer’s HWRNG, the bootloader or the UEFI firmware.
Fast and robust initialization of Linux’s CSPRNG is instead achieved
thanks to the TPM’s HWRNG.
kconfig_hardened_check/__init__.py diff | blob | history
kconfig-hardened-check