security-misc/etc/default/grub.d/40_distrust_cpu.cfg

13 lines
686 B
INI
Raw Normal View History

2024-05-10 23:18:36 -04:00
## Copyright (C) 2019 - 2024 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
2019-12-02 11:43:00 -05:00
## See the file COPYING for copying conditions.
2019-12-03 02:18:32 -05:00
## Distrusts the CPU for initial entropy at boot as it is not possible to
## audit, may contain weaknesses or a backdoor.
2019-12-02 11:43:00 -05:00
##
## https://en.wikipedia.org/wiki/RDRAND#Reception
2019-12-03 02:18:32 -05:00
## https://twitter.com/pid_eins/status/1149649806056280069
## https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html
## https://forums.whonix.org/t/entropy-config-random-trust-cpu-yes-or-no-rng-core-default-quality/8566
2022-07-12 14:36:34 -04:00
## https://lkml.org/lkml/2022/6/5/271
2019-12-02 11:43:00 -05:00
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_cpu=off"