[OE-core] [PATCH 2/3] rng-tools: Don't use /dev/urandom as rngd default source
Jan Kiszka
jan.kiszka at web.de
Mon Jul 10 19:37:28 UTC 2017
From: Jan Kiszka <jan.kiszka at siemens.com>
Big no-no when you want to have more than a toy device, so let's not
make this a default. See also https://lwn.net/Articles/525459.
Signed-off-by: Jan Kiszka <jan.kiszka at siemens.com>
---
meta/recipes-support/rng-tools/rng-tools/default | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
index 7aede9be03..b968f2b789 100644
--- a/meta/recipes-support/rng-tools/rng-tools/default
+++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -1,3 +1,6 @@
# Specify rng device
-#RNG_DEVICE=/dev/hwrng
-RNG_DEVICE=/dev/urandom
+RNG_DEVICE=/dev/hwrng
+
+# Don't use urandom as source unless you fully understood what that does to
+# your system security!
+#RNG_DEVICE=/dev/urandom
--
2.12.3
More information about the Openembedded-core
mailing list