[Whonix-devel] How to confirm jitter .ko was loaded
procmem at riseup.net
Fri Apr 26 20:47:43 CEST 2019
On 4/26/19 8:43 PM, Stephan Mueller wrote:
> On Friday, 26 April 2019, 18:08:48 CEST, procmem at riseup.net wrote:
>
> Hi,
>> Yeah this is likely the problem I think. 'y' would make it load always
>> while 'm' means the module is available to be called upon and loaded
>> when needed but otherwise it is dormant.
> Hm, I do not think that setting it to y is what is necessary.
>
> In crypto/Kconfig:
>
> config CRYPTO_DRBG
>         tristate
>         default CRYPTO_DRBG_MENU
>         select CRYPTO_RNG
>         select CRYPTO_JITTERENTROPY
>
> So, if the DRBG is selected as m, jitterentropy is selected as m. If the DRBG
> is y, jitterentropy is y.

I see.

> Let us go back to your issue: why do you think you need the jitterentropy RNG
> in the kernel to begin with?
>
My purpose is to be 100% sure /dev/urandom was seeded properly from a
robust entropy source (jitter_entropy.ko's use of CPU timers in this
case) before users can use any crypto tools that depend on it. AFAIU the
jitter service makes sure these APIs are blocked until properly seeded
once at boot then prevents this irritating behavior for those few apps
that depend on /dev/random.
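
One way to answer the subject line's question, as an added example that is not part of the original message or of the kernel sources: it reads the `CONFIG_CRYPTO_JITTERENTROPY` state (y/m, following the `select` discussed above) and looks for `jitterentropy_rng` in `/proc/crypto`. The function names and the sample inputs are constructed for illustration; the result shows only whether the algorithm is registered with the kernel crypto API, not the seeding state of `/dev/urandom`.

```shell
#!/bin/sh
# Added example: report how jitterentropy is built and whether it is registered.

# kconfig_state FILE SYMBOL: print y or m as set in a kernel .config, else n.
kconfig_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# crypto_owner FILE NAME: print the "module" field of the /proc/crypto stanza
# named NAME ("kernel" means built in); print nothing if it is not registered.
crypto_owner() {
    awk -v want="$2" '
        $1 == "name" { hit = ($3 == want) }
        $1 == "module" && hit { print $3; exit }
    ' "$1"
}

# jitter_status CONFIG PROC_CRYPTO: combine both views into one verdict.
jitter_status() {
    cfg=$(kconfig_state "$1" CRYPTO_JITTERENTROPY)
    owner=$(crypto_owner "$2" jitterentropy_rng)
    if [ "$owner" = kernel ]; then echo "built-in"
    elif [ -n "$owner" ]; then echo "module-loaded"
    elif [ "$cfg" = m ]; then echo "module-not-loaded"
    elif [ "$cfg" = y ]; then echo "built-in-not-registered"
    else echo "not-built"
    fi
}

# Constructed sample inputs (not captured from a real system).
sample_dir=$(mktemp -d)
printf 'CONFIG_CRYPTO_DRBG=m\nCONFIG_CRYPTO_JITTERENTROPY=m\n' > "$sample_dir/config"
cat > "$sample_dir/crypto" <<'EOF'
name         : jitterentropy_rng
driver       : jitterentropy_rng
module       : jitterentropy_rng
priority     : 100
type         : rng

name         : crc32c
driver       : crc32c-generic
module       : kernel
EOF
: > "$sample_dir/crypto_empty"

jitter_status "$sample_dir/config" "$sample_dir/crypto"        # module-loaded
jitter_status "$sample_dir/config" "$sample_dir/crypto_empty"  # module-not-loaded
```

On a running system, call `jitter_status` with the booted kernel's config file and `/proc/crypto`; the config location (for example `/boot/config-$(uname -r)` on Debian-based systems) is an assumption about the distribution.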