From ac0c5e2727a4c943ffe9c10c291e3ed64a080c5e Mon Sep 17 00:00:00 2001 From: Will Deacon Date: Fri, 18 Feb 2022 19:09:42 +0000 Subject: [PATCH] ANDROID: gki_defconfig: Enable CONFIG_RANDOM_TRUST_CPU=y Systems with a single early entropy source based on either CPU instructions or a firmware interface are unable to initialise the crng unless the CPU is "trusted". By default, the CPU is untrusted and so for protected virtual machines this causes a significant boot delay as the crng refuses to initialise solely from the TRNG hypercall: | [ 0.000000][ T0] random: get_random_u64 called from kmem_cache_open+0x2c/0x390 with crng_init=0 | ... | [ 1.297022][ T211] EXT4-fs (dm-24): mounted filesystem without journal. Opts: (null) | [ 3.362924][ C0] random: crng init done | [ 3.363543][ C0] random: 7 urandom warning(s) missed due to ratelimiting Since we trust the CPU and the firmware for many other things, such as executing instructions and initialising the system, flip the default around to trust CPU-backed entropy sources by default. This can be disabled on the kernel command-line by passing "random.trust_cpu=off". Bug: 220354122 Reported-by: Alan Stokes Signed-off-by: Will Deacon Change-Id: Ie09b6253936823814d7bfe5092923f0ec825403a --- arch/arm64/configs/gki_defconfig | 1 + arch/x86/configs/gki_defconfig | 1 + 2 files changed, 2 insertions(+) diff --git a/arch/arm64/configs/gki_defconfig b/arch/arm64/configs/gki_defconfig index 4e00698eb76e..857bf01d19b7 100644 --- a/arch/arm64/configs/gki_defconfig +++ b/arch/arm64/configs/gki_defconfig @@ -396,6 +396,7 @@ CONFIG_HW_RANDOM=y # CONFIG_HW_RANDOM_CAVIUM is not set # CONFIG_DEVMEM is not set # CONFIG_DEVPORT is not set +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_I2C_COMPAT is not set # CONFIG_I2C_HELPER_AUTO is not set CONFIG_I3C=y diff --git a/arch/x86/configs/gki_defconfig b/arch/x86/configs/gki_defconfig index f2405d9489d5..5eb7990013e9 100644 --- a/arch/x86/configs/gki_defconfig +++ b/arch/x86/configs/gki_defconfig 
@@ -359,6 +359,7 @@ CONFIG_HW_RANDOM=y # CONFIG_DEVMEM is not set # CONFIG_DEVPORT is not set CONFIG_HPET=y +CONFIG_RANDOM_TRUST_CPU=y # CONFIG_I2C_COMPAT is not set # CONFIG_I2C_HELPER_AUTO is not set CONFIG_I3C=y
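Review bot: In arch/arm64/configs/gki_defconfig, the added CONFIG_RANDOM_TRUST_CPU=y changes the default for every kernel built from this defconfig, while the commit message measures the boot delay only for protected virtual machines seeded from the TRNG hypercall. Suggest saying in the message that hosts and non-protected guests will also initialise the crng from CPU or firmware entropy alone, so integrators whose threat model does not trust that source know they need "random.trust_cpu=off" on the kernel command line.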
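Review bot: In arch/x86/configs/gki_defconfig, the added CONFIG_RANDOM_TRUST_CPU=y has no justification of its own, since the boot log and the TRNG hypercall reasoning in the commit message describe the protected virtual machine case only. Suggest adding a sentence on whether x86 GKI builds show the same crng init delay or whether the option is set here only to keep the two GKI defconfigs aligned.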