Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-25 22:18:33 -05:00
Code Issues Projects Releases Packages Wiki Activity

Update docs on latent entropy

Browse source
This commit is contained in:
raja-grewal 2025-11-05 00:05:17 +00:00 committed by GitHub
parent 37b493826e
commit a46f678c7f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -261,6 +261,9 @@ Entropy:
- Obtain more entropy at boot from RAM as the runtime memory allocator is - Obtain more entropy at boot from RAM as the runtime memory allocator is
being initialized. being initialized.
- Obtain more entropy at boot from RAM as the runtime memory allocator is being
initialized to maximize the absolute quantity of entropy in the combined pool.
Networking: Networking:
- Optional - Disable the entire IPv6 stack to reduce attack surface. - Optional - Disable the entire IPv6 stack to reduce attack surface.

3
etc/default/grub.d/40_kernel_hardening.cfg#security-misc-shared
View file

@ -324,8 +324,9 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_cpu=off"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_bootloader=off" GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_bootloader=off"
## Obtain more entropy during boot as the runtime memory allocator is being initialized. ## Obtain more entropy during boot as the runtime memory allocator is being initialized.
## Entropy will be extracted from up to the first 4GB of RAM. ## Entropy will be extracted from up to the first 4GB of RAM as another source.
## Note that entropy extracted this way is not cryptographically secure and so is not credited. ## Note that entropy extracted this way is not cryptographically secure and so is not credited.
## Maximizing the entropy pool at boot is desirable for all cryptographic operations.
## This will increase boot time due to interrupting the boot process. ## This will increase boot time due to interrupting the boot process.
## Requires the linux-hardened kernel patch. ## Requires the linux-hardened kernel patch.
## ##