security-misc/etc/default/grub.d/40_distrust_cpu.cfg
Patrick Schleizer 2d37e3a1af
copyright
2022-05-20 14:46:38 -04:00

12 lines
648 B
INI

## Copyright (C) 2019 - 2022 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## Distrusts the CPU for initial entropy at boot as it is not possible to
## audit, may contain weaknesses or a backdoor.
##
## https://en.wikipedia.org/wiki/RDRAND#Reception
## https://twitter.com/pid_eins/status/1149649806056280069
## https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html
## https://forums.whonix.org/t/entropy-config-random-trust-cpu-yes-or-no-rng-core-default-quality/8566
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_cpu=off"