From f6b6ab374ea2b24dfd4ac49bc1a595b50ab3d952 Mon Sep 17 00:00:00 2001 From: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun, 16 Feb 2020 19:51:32 +0000 Subject: [PATCH 1/2] Gather more entropy during boot --- etc/default/grub.d/40_kernel_hardening.cfg | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg index e456416..6bdbff2 100644 --- a/etc/default/grub.d/40_kernel_hardening.cfg +++ b/etc/default/grub.d/40_kernel_hardening.cfg @@ -53,3 +53,9 @@ fi #if dpkg --compare-versions "${kver}" ge "5.4"; then # GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX lockdown=confidentiality" #fi + +## Gather more entropy during boot. +## +## Requires linux-hardened kernel patch. +## https://github.com/anthraxx/linux-hardened +GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX extra_latent_entropy" From 8ea4e50c8e9c3c9ee650b665a32b78f67aedc1aa Mon Sep 17 00:00:00 2001 From: madaidan <50278627+madaidan@users.noreply.github.com> Date: Sun, 16 Feb 2020 19:52:40 +0000 Subject: [PATCH 2/2] Update control --- debian/control | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/control b/debian/control index ecf129e..be53466 100644 --- a/debian/control +++ b/debian/control @@ -136,6 +136,8 @@ Description: enhances misc security settings * https://twitter.com/pid_eins/status/1149649806056280069 * For more references, see: * /etc/default/grub.d/40_distrust_cpu.cfg + . + * Gathers more entropy during boot if using the linux-hardened kernel patch. . Uncommon network protocols are blacklisted: These are rarely used and may have unknown vulnerabilities.