[Kernel-packages] [Bug 1823754] Re: Set CONFIG_RANDOM_TRUST_CPU=y

Launchpad Bug Tracker Thu, 11 Apr 2019 08:51:21 -0700

This bug was fixed in the package linux-aws - 5.0.0-1002.2

---------------
linux-aws (5.0.0-1002.2) disco; urgency=medium


  * linux-aws: 5.0.0-1002.2 -proposed tracker (LP: #1823219)

  * Set CONFIG_RANDOM_TRUST_CPU=y (LP: #1823754)
    - [Config] CONFIG_RANDOM_TRUST_CPU=y

  * net and ftrace selftests failures due to missing test modules (LP: #1823407)
    - SAUCE: selftests: net: don't fail test_bpf when module is not present
    - SAUCE: selftests: ftrace: don't fail for unresolved tests

  * Please ship the ib_uverbs driver module in the main modules package
    (LP: #1822692)
    - [config] AWS: ib_uverbs.ko, ib_umad.ko moved to linux-modules package

  * Miscellaneous Ubuntu changes
    - [Config] update configs following rebase to 5.0.0-10.11

 -- Seth Forshee <seth.fors...@canonical.com>  Tue, 09 Apr 2019 11:13:53
-0500

** Changed in: linux-aws (Ubuntu)
       Status: Fix Committed => Fix Released

** Changed in: linux-kvm (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-9857

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-aws in Ubuntu.
https://bugs.launchpad.net/bugs/1823754

Title:
  Set CONFIG_RANDOM_TRUST_CPU=y

Status in linux-aws package in Ubuntu:
  Fix Released
Status in linux-azure package in Ubuntu:
  Fix Released
Status in linux-gcp package in Ubuntu:
  Fix Committed
Status in linux-kvm package in Ubuntu:
  Fix Released

Bug description:
  SRU Justification

  Impact: Turning this option on will make our kernels by default trust
  the CPU's random number generator for the purpose of initializing the
  kernel's CRNG on Intel, AMD, and IBM CPUs. Users can disable this at
  boot time by passing random.trust_cpu=off. Turning this on has the
  potential to prevent getrandom(2) from blocking during early boot.
  This option was turned on in the master kernel shortly before disco
  kernel freeze; this bug is about propagating the option to derivative
  kernels.

  Regression Potential: No user-visible regressions are expected. Some
  security-conscious users may prefer to not trust the CPU maker's RNG,
  but in that case the boot options is available.

  Test Case: The benefit is difficult to verify empirically in Ubuntu
  kernels since we carry a patch to avoid problems with getrandom(2)
  blocking immediately following boot. However, it is possible to see
  whether or not the kernel used the CPU RNG for initializing the CRNG
  by searching for the string "random: crng done (trusting CPU's
  manufacturer)" in dmesg.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-aws/+bug/1823754/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1823754] Re: Set CONFIG_RANDOM_TRUST_CPU=y

Reply via email to