License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 14:07:57 +00:00
|
|
|
# SPDX-License-Identifier: GPL-2.0
|
2005-04-16 22:20:36 +00:00
|
|
|
#
|
|
|
|
|
# Character device configuration
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
menu "Character devices"
|
|
|
|
|
|
2011-02-22 23:41:47 +00:00
|
|
|
source "drivers/tty/Kconfig"
|
2006-06-26 07:27:12 +00:00
|
|
|
|
2010-08-25 18:44:07 +00:00
|
|
|
config TTY_PRINTK
|
2014-04-02 12:45:22 +00:00
|
|
|
tristate "TTY driver to output user messages via printk"
|
2013-01-18 06:44:22 +00:00
|
|
|
depends on EXPERT && TTY
|
2010-08-25 18:44:07 +00:00
|
|
|
default n
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2010-08-25 18:44:07 +00:00
|
|
|
If you say Y here, the support for writing user messages (i.e.
|
|
|
|
|
console messages) via printk is available.
|
|
|
|
|
|
|
|
|
|
The feature is useful to inline user messages with kernel
|
|
|
|
|
messages.
|
|
|
|
|
In order to use this feature, you should output user messages
|
2022-02-15 14:17:49 +00:00
|
|
|
to /dev/ttyprintk or redirect console to this TTY, or boot
|
|
|
|
|
the kernel with console=ttyprintk.
|
2010-08-25 18:44:07 +00:00
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
2018-11-06 22:11:37 +00:00
|
|
|
config TTY_PRINTK_LEVEL
|
|
|
|
|
depends on TTY_PRINTK
|
|
|
|
|
int "ttyprintk log level (1-7)"
|
|
|
|
|
range 1 7
|
|
|
|
|
default "6"
|
|
|
|
|
help
|
|
|
|
|
Printk log level to use for ttyprintk messages.
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
config PRINTER
|
|
|
|
|
tristate "Parallel printer support"
|
|
|
|
|
depends on PARPORT
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
If you intend to attach a printer to the parallel port of your Linux
|
|
|
|
|
box (as opposed to using a serial printer; if the connector at the
|
|
|
|
|
printer has 9 or 25 holes ["female"], then it's serial), say Y.
|
|
|
|
|
Also read the Printing-HOWTO, available from
|
2020-07-13 10:44:53 +00:00
|
|
|
<https://www.tldp.org/docs.html#howto>.
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
It is possible to share one parallel port among several devices
|
|
|
|
|
(e.g. printer and ZIP drive) and it is safe to compile the
|
|
|
|
|
corresponding drivers into the kernel.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here and read
|
2018-05-08 18:14:57 +00:00
|
|
|
<file:Documentation/admin-guide/parport.rst>. The module will be called lp.
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
If you have several parallel ports, you can specify which ports to
|
|
|
|
|
use with the "lp" kernel command line option. (Try "man bootparam"
|
|
|
|
|
or see the documentation of your boot loader (lilo or loadlin) about
|
|
|
|
|
how to pass options to the kernel at boot time.) The syntax of the
|
|
|
|
|
"lp" command line option can be found in <file:drivers/char/lp.c>.
|
|
|
|
|
|
|
|
|
|
If you have more than 8 printers, you need to increase the LP_NO
|
|
|
|
|
macro in lp.c and the PARPORT_MAX macro in parport.h.
|
|
|
|
|
|
|
|
|
|
config LP_CONSOLE
|
|
|
|
|
bool "Support for console on line printer"
|
|
|
|
|
depends on PRINTER
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
If you want kernel messages to be printed out as they occur, you
|
|
|
|
|
can have a console on the printer. This option adds support for
|
|
|
|
|
doing that; to actually get it to happen you need to pass the
|
|
|
|
|
option "console=lp0" to the kernel at boot time.
|
|
|
|
|
|
|
|
|
|
If the printer is out of paper (or off, or unplugged, or too
|
|
|
|
|
busy..) the kernel will stall until the printer is ready again.
|
|
|
|
|
By defining CONSOLE_LP_STRICT to 0 (at your own risk) you
|
|
|
|
|
can make the kernel continue when this happens,
|
|
|
|
|
but it'll lose the kernel messages.
|
|
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
|
|
|
|
config PPDEV
|
|
|
|
|
tristate "Support for user-space parallel port device drivers"
|
|
|
|
|
depends on PARPORT
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
Saying Y to this adds support for /dev/parport device nodes. This
|
|
|
|
|
is needed for programs that want portable access to the parallel
|
|
|
|
|
port, for instance deviceid (which displays Plug-and-Play device
|
|
|
|
|
IDs).
|
|
|
|
|
|
|
|
|
|
This is the parallel port equivalent of SCSI generic support (sg).
|
|
|
|
|
It is safe to say N to this -- it is not needed for normal printing
|
|
|
|
|
or parallel port CD-ROM/disk support.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called ppdev.
|
|
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
2007-10-22 01:03:39 +00:00
|
|
|
config VIRTIO_CONSOLE
|
2008-07-25 17:06:06 +00:00
|
|
|
tristate "Virtio console"
|
2020-08-31 16:58:50 +00:00
|
|
|
depends on TTY
|
2007-10-22 01:03:39 +00:00
|
|
|
select HVC_DRIVER
|
2020-08-31 16:58:50 +00:00
|
|
|
select VIRTIO
|
2008-07-25 17:06:06 +00:00
|
|
|
help
|
2017-08-16 17:31:57 +00:00
|
|
|
Virtio console for use with hypervisors.
|
2008-07-25 17:06:06 +00:00
|
|
|
|
2009-12-21 16:06:04 +00:00
|
|
|
Also serves as a general-purpose serial device for data
|
|
|
|
|
transfer between the guest and host. Character devices at
|
|
|
|
|
/dev/vportNpn will be created when corresponding ports are
|
|
|
|
|
found, where N is the device number and n is the port number
|
|
|
|
|
within that device. If specified by the host, a sysfs
|
|
|
|
|
attribute called 'name' will be populated with a name for
|
|
|
|
|
the port which can be used by udev scripts to create a
|
|
|
|
|
symlink to the device.
|
2007-10-22 01:03:39 +00:00
|
|
|
|
2008-07-08 05:45:11 +00:00
|
|
|
config IBM_BSR
|
|
|
|
|
tristate "IBM POWER Barrier Synchronization Register support"
|
|
|
|
|
depends on PPC_PSERIES
|
|
|
|
|
help
|
|
|
|
|
This devices exposes a hardware mechanism for fast synchronization
|
|
|
|
|
of threads across a large system which avoids bouncing a cacheline
|
|
|
|
|
between several cores on a system
|
|
|
|
|
|
2016-06-29 03:38:39 +00:00
|
|
|
config POWERNV_OP_PANEL
|
|
|
|
|
tristate "IBM POWERNV Operator Panel Display support"
|
|
|
|
|
depends on PPC_POWERNV
|
|
|
|
|
default m
|
|
|
|
|
help
|
|
|
|
|
If you say Y here, a special character device node, /dev/op_panel,
|
|
|
|
|
will be created which exposes the operator panel display on IBM
|
|
|
|
|
Power Systems machines with FSPs.
|
|
|
|
|
|
|
|
|
|
If you don't require access to the operator panel display from user
|
|
|
|
|
space, say N.
|
|
|
|
|
|
|
|
|
|
If unsure, say M here to build it as a module called powernv-op-panel.
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
source "drivers/char/ipmi/Kconfig"
|
|
|
|
|
|
|
|
|
|
config DS1620
|
|
|
|
|
tristate "NetWinder thermometer support"
|
|
|
|
|
depends on ARCH_NETWINDER
|
|
|
|
|
help
|
|
|
|
|
Say Y here to include support for the thermal management hardware
|
|
|
|
|
found in the NetWinder. This driver allows the user to control the
|
|
|
|
|
temperature set points and to read the current temperature.
|
|
|
|
|
|
|
|
|
|
It is also possible to say M here to build it as a module (ds1620)
|
|
|
|
|
It is recommended to be used on a NetWinder, but it is not a
|
|
|
|
|
necessity.
|
|
|
|
|
|
|
|
|
|
config NWBUTTON
|
|
|
|
|
tristate "NetWinder Button"
|
|
|
|
|
depends on ARCH_NETWINDER
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
If you say Y here and create a character device node /dev/nwbutton
|
|
|
|
|
with major and minor numbers 10 and 158 ("man mknod"), then every
|
|
|
|
|
time the orange button is pressed a number of times, the number of
|
|
|
|
|
times the button was pressed will be written to that device.
|
|
|
|
|
|
|
|
|
|
This is most useful for applications, as yet unwritten, which
|
|
|
|
|
perform actions based on how many times the button is pressed in a
|
|
|
|
|
row.
|
|
|
|
|
|
|
|
|
|
Do not hold the button down for too long, as the driver does not
|
|
|
|
|
alter the behaviour of the hardware reset circuitry attached to the
|
|
|
|
|
button; it will still execute a hard reset if the button is held
|
|
|
|
|
down for longer than approximately five seconds.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called nwbutton.
|
|
|
|
|
|
|
|
|
|
Most people will answer Y to this question and "Reboot Using Button"
|
|
|
|
|
below to be able to initiate a system shutdown from the button.
|
|
|
|
|
|
|
|
|
|
config NWBUTTON_REBOOT
|
|
|
|
|
bool "Reboot Using Button"
|
|
|
|
|
depends on NWBUTTON
|
|
|
|
|
help
|
|
|
|
|
If you say Y here, then you will be able to initiate a system
|
|
|
|
|
shutdown and reboot by pressing the orange button a number of times.
|
|
|
|
|
The number of presses to initiate the shutdown is two by default,
|
|
|
|
|
but this can be altered by modifying the value of NUM_PRESSES_REBOOT
|
|
|
|
|
in nwbutton.h and recompiling the driver or, if you compile the
|
|
|
|
|
driver as a module, you can specify the number of presses at load
|
|
|
|
|
time with "insmod button reboot_count=<something>".
|
|
|
|
|
|
|
|
|
|
config NWFLASH
|
|
|
|
|
tristate "NetWinder flash support"
|
|
|
|
|
depends on ARCH_NETWINDER
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
If you say Y here and create a character device /dev/flash with
|
|
|
|
|
major 10 and minor 160 you can manipulate the flash ROM containing
|
|
|
|
|
the NetWinder firmware. Be careful as accidentally overwriting the
|
|
|
|
|
flash contents can render your computer unbootable. On no account
|
|
|
|
|
allow random users access to this device. :-)
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called nwflash.
|
|
|
|
|
|
|
|
|
|
If you're not sure, say N.
|
|
|
|
|
|
2006-06-26 07:24:59 +00:00
|
|
|
source "drivers/char/hw_random/Kconfig"
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
config DTLK
|
|
|
|
|
tristate "Double Talk PC internal speech card support"
|
2007-05-10 13:45:56 +00:00
|
|
|
depends on ISA
|
2005-04-16 22:20:36 +00:00
|
|
|
help
|
|
|
|
|
This driver is for the DoubleTalk PC, a speech synthesizer
|
2020-07-13 10:44:53 +00:00
|
|
|
manufactured by RC Systems (<https://www.rcsys.com/>). It is also
|
2005-04-16 22:20:36 +00:00
|
|
|
called the `internal DoubleTalk'.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called dtlk.
|
|
|
|
|
|
2008-02-05 17:24:09 +00:00
|
|
|
config XILINX_HWICAP
|
|
|
|
|
tristate "Xilinx HWICAP Support"
|
2020-05-21 16:55:52 +00:00
|
|
|
depends on MICROBLAZE
|
2008-02-05 17:24:09 +00:00
|
|
|
help
|
|
|
|
|
This option enables support for Xilinx Internal Configuration
|
|
|
|
|
Access Port (ICAP) driver. The ICAP is used on Xilinx Virtex
|
|
|
|
|
FPGA platforms to partially reconfigure the FPGA at runtime.
|
|
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
config APPLICOM
|
|
|
|
|
tristate "Applicom intelligent fieldbus card support"
|
|
|
|
|
depends on PCI
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
This driver provides the kernel-side support for the intelligent
|
|
|
|
|
fieldbus cards made by Applicom International. More information
|
|
|
|
|
about these cards can be found on the WWW at the address
|
2020-07-13 10:44:53 +00:00
|
|
|
<https://www.applicom-int.com/>, or by email from David Woodhouse
|
2005-04-16 22:20:36 +00:00
|
|
|
<dwmw2@infradead.org>.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called applicom.
|
|
|
|
|
|
|
|
|
|
If unsure, say N.
|
|
|
|
|
|
|
|
|
|
config SONYPI
|
2012-09-18 15:14:53 +00:00
|
|
|
tristate "Sony Vaio Programmable I/O Control Device support"
|
2014-03-31 13:15:36 +00:00
|
|
|
depends on X86_32 && PCI && INPUT
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
This driver enables access to the Sony Programmable I/O Control
|
|
|
|
|
Device which can be found in many (all ?) Sony Vaio laptops.
|
|
|
|
|
|
|
|
|
|
If you have one of those laptops, read
|
2019-06-13 18:07:43 +00:00
|
|
|
<file:Documentation/admin-guide/laptops/sonypi.rst>, and say Y or M here.
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called sonypi.
|
|
|
|
|
|
|
|
|
|
source "drivers/char/pcmcia/Kconfig"
|
|
|
|
|
|
|
|
|
|
config MWAVE
|
|
|
|
|
tristate "ACP Modem (Mwave) support"
|
2013-01-18 06:44:22 +00:00
|
|
|
depends on X86 && TTY
|
2005-04-16 22:20:36 +00:00
|
|
|
select SERIAL_8250
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
The ACP modem (Mwave) for Linux is a WinModem. It is composed of a
|
|
|
|
|
kernel driver and a user level application. Together these components
|
|
|
|
|
support direct attachment to public switched telephone networks (PSTNs)
|
|
|
|
|
and support selected world wide countries.
|
|
|
|
|
|
|
|
|
|
This version of the ACP Modem driver supports the IBM Thinkpad 600E,
|
|
|
|
|
600, and 770 that include on board ACP modem hardware.
|
|
|
|
|
|
|
|
|
|
The modem also supports the standard communications port interface
|
|
|
|
|
(ttySx) and is compatible with the Hayes AT Command Set.
|
|
|
|
|
|
|
|
|
|
The user level application needed to use this driver can be found at
|
|
|
|
|
the IBM Linux Technology Center (LTC) web site:
|
|
|
|
|
<http://www.ibm.com/linux/ltc/>.
|
|
|
|
|
|
|
|
|
|
If you own one of the above IBM Thinkpads which has the Mwave chipset
|
|
|
|
|
in it, say Y.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called mwave.
|
|
|
|
|
|
|
|
|
|
config SCx200_GPIO
|
|
|
|
|
tristate "NatSemi SCx200 GPIO Support"
|
|
|
|
|
depends on SCx200
|
2006-06-27 09:54:27 +00:00
|
|
|
select NSC_GPIO
|
2005-04-16 22:20:36 +00:00
|
|
|
help
|
|
|
|
|
Give userspace access to the GPIO pins on the National
|
|
|
|
|
Semiconductor SCx200 processors.
|
|
|
|
|
|
|
|
|
|
If compiled as a module, it will be called scx200_gpio.
|
|
|
|
|
|
2006-06-27 09:54:27 +00:00
|
|
|
config PC8736x_GPIO
|
|
|
|
|
tristate "NatSemi PC8736x GPIO Support"
|
2011-08-18 19:11:59 +00:00
|
|
|
depends on X86_32 && !UML
|
2006-06-27 09:54:27 +00:00
|
|
|
default SCx200_GPIO # mostly N
|
|
|
|
|
select NSC_GPIO # needed for support routines
|
|
|
|
|
help
|
|
|
|
|
Give userspace access to the GPIO pins on the National
|
|
|
|
|
Semiconductor PC-8736x (x=[03456]) SuperIO chip. The chip
|
|
|
|
|
has multiple functional units, inc several managed by
|
|
|
|
|
hwmon/pc87360 driver. Tested with PC-87366
|
|
|
|
|
|
|
|
|
|
If compiled as a module, it will be called pc8736x_gpio.
|
|
|
|
|
|
|
|
|
|
config NSC_GPIO
|
|
|
|
|
tristate "NatSemi Base GPIO Support"
|
2006-06-29 09:24:32 +00:00
|
|
|
depends on X86_32
|
2006-06-27 09:54:27 +00:00
|
|
|
# selected by SCx200_GPIO and PC8736x_GPIO
|
|
|
|
|
# what about 2 selectors differing: m != y
|
|
|
|
|
help
|
|
|
|
|
Common support used (and needed) by scx200_gpio and
|
|
|
|
|
pc8736x_gpio drivers. If those drivers are built as
|
|
|
|
|
modules, this one will be too, named nsc_gpio
|
|
|
|
|
|
2020-03-11 22:57:34 +00:00
|
|
|
config DEVMEM
|
|
|
|
|
bool "/dev/mem virtual device support"
|
|
|
|
|
default y
|
|
|
|
|
help
|
|
|
|
|
Say Y here if you want to support the /dev/mem device.
|
|
|
|
|
The /dev/mem device is used to access areas of physical
|
|
|
|
|
memory.
|
|
|
|
|
When in doubt, say "Y".
|
|
|
|
|
|
|
|
|
|
config NVRAM
|
|
|
|
|
tristate "/dev/nvram support"
|
|
|
|
|
depends on X86 || HAVE_ARCH_NVRAM_OPS
|
|
|
|
|
default M68K || PPC
|
2020-06-13 16:50:22 +00:00
|
|
|
help
|
2020-03-11 22:57:34 +00:00
|
|
|
If you say Y here and create a character special file /dev/nvram
|
|
|
|
|
with major number 10 and minor number 144 using mknod ("man mknod"),
|
|
|
|
|
you get read and write access to the non-volatile memory.
|
|
|
|
|
|
|
|
|
|
/dev/nvram may be used to view settings in NVRAM or to change them
|
|
|
|
|
(with some utility). It could also be used to frequently
|
|
|
|
|
save a few bits of very important data that may not be lost over
|
|
|
|
|
power-off and for which writing to disk is too insecure. Note
|
|
|
|
|
however that most NVRAM space in a PC belongs to the BIOS and you
|
|
|
|
|
should NEVER idly tamper with it. See Ralf Brown's interrupt list
|
|
|
|
|
for a guide to the use of CMOS bytes by your BIOS.
|
|
|
|
|
|
|
|
|
|
This memory is conventionally called "NVRAM" on PowerPC machines,
|
|
|
|
|
"CMOS RAM" on PCs, "NVRAM" on Ataris and "PRAM" on Macintoshes.
|
|
|
|
|
|
|
|
|
|
To compile this driver as a module, choose M here: the
|
|
|
|
|
module will be called nvram.
|
|
|
|
|
|
|
|
|
|
config DEVPORT
|
|
|
|
|
bool "/dev/port character device"
|
|
|
|
|
depends on ISA || PCI
|
|
|
|
|
default y
|
|
|
|
|
help
|
|
|
|
|
Say Y here if you want to support the /dev/port device. The /dev/port
|
|
|
|
|
device is similar to /dev/mem, but for I/O ports.
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
config HPET
|
|
|
|
|
bool "HPET - High Precision Event Timer" if (X86 || IA64)
|
|
|
|
|
default n
|
|
|
|
|
depends on ACPI
|
|
|
|
|
help
|
|
|
|
|
If you say Y here, you will have a miscdevice named "/dev/hpet/". Each
|
|
|
|
|
open selects one of the timers supported by the HPET. The timers are
|
2006-11-30 04:22:59 +00:00
|
|
|
non-periodic and/or periodic.
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
config HPET_MMAP
|
|
|
|
|
bool "Allow mmap of HPET"
|
|
|
|
|
default y
|
|
|
|
|
depends on HPET
|
|
|
|
|
help
|
|
|
|
|
If you say Y here, user applications will be able to mmap
|
|
|
|
|
the HPET registers.
|
|
|
|
|
|
2013-11-12 23:08:33 +00:00
|
|
|
config HPET_MMAP_DEFAULT
|
|
|
|
|
bool "Enable HPET MMAP access by default"
|
|
|
|
|
default y
|
|
|
|
|
depends on HPET_MMAP
|
|
|
|
|
help
|
2005-04-16 22:20:36 +00:00
|
|
|
In some hardware implementations, the page containing HPET
|
|
|
|
|
registers may also contain other things that shouldn't be
|
2013-11-12 23:08:33 +00:00
|
|
|
exposed to the user. This option selects the default (if
|
|
|
|
|
kernel parameter hpet_mmap is not set) user access to the
|
|
|
|
|
registers for applications that require it.
|
2005-04-16 22:20:36 +00:00
|
|
|
|
|
|
|
|
config HANGCHECK_TIMER
|
|
|
|
|
tristate "Hangcheck timer"
|
2007-05-10 13:45:59 +00:00
|
|
|
depends on X86 || IA64 || PPC64 || S390
|
2005-04-16 22:20:36 +00:00
|
|
|
help
|
|
|
|
|
The hangcheck-timer module detects when the system has gone
|
|
|
|
|
out to lunch past a certain margin. It can reboot the system
|
|
|
|
|
or merely print a warning.
|
|
|
|
|
|
2009-09-23 22:57:15 +00:00
|
|
|
config UV_MMTIMER
|
|
|
|
|
tristate "UV_MMTIMER Memory mapped RTC for SGI UV"
|
|
|
|
|
depends on X86_UV
|
|
|
|
|
default m
|
|
|
|
|
help
|
|
|
|
|
The uv_mmtimer device allows direct userspace access to the
|
|
|
|
|
UV system timer.
|
|
|
|
|
|
2005-04-16 22:20:36 +00:00
|
|
|
source "drivers/char/tpm/Kconfig"
|
|
|
|
|
|
2005-10-30 23:02:55 +00:00
|
|
|
config TELCLOCK
|
2007-03-06 21:58:45 +00:00
|
|
|
tristate "Telecom clock driver for ATCA SBC"
|
2012-09-18 15:14:53 +00:00
|
|
|
depends on X86
|
2005-10-30 23:02:55 +00:00
|
|
|
default n
|
|
|
|
|
help
|
2007-03-06 21:58:45 +00:00
|
|
|
The telecom clock device is specific to the MPCBL0010 and MPCBL0050
|
|
|
|
|
ATCA computers and allows direct userspace access to the
|
|
|
|
|
configuration of the telecom clock configuration settings. This
|
|
|
|
|
device is used for hardware synchronization across the ATCA backplane
|
|
|
|
|
fabric. Upon loading, the driver exports a sysfs directory,
|
|
|
|
|
/sys/devices/platform/telco_clock, with a number of files for
|
|
|
|
|
controlling the behavior of this hardware.
|
2005-10-30 23:02:55 +00:00
|
|
|
|
2007-05-10 13:46:00 +00:00
|
|
|
source "drivers/s390/char/Kconfig"
|
|
|
|
|
|
2014-09-09 06:36:04 +00:00
|
|
|
source "drivers/char/xillybus/Kconfig"
|
|
|
|
|
|
2018-04-26 16:54:08 +00:00
|
|
|
config ADI
|
|
|
|
|
tristate "SPARC Privileged ADI driver"
|
|
|
|
|
depends on SPARC64
|
|
|
|
|
default m
|
|
|
|
|
help
|
|
|
|
|
SPARC M7 and newer processors utilize ADI (Application Data
|
|
|
|
|
Integrity) to version and protect memory. This driver provides
|
|
|
|
|
read/write access to the ADI versions for privileged processes.
|
|
|
|
|
This feature is also known as MCD (Memory Corruption Detection)
|
|
|
|
|
and SSM (Silicon Secured Memory). Intended consumers of this
|
|
|
|
|
driver include crash and makedumpfile.
|
|
|
|
|
|
2018-07-17 22:24:27 +00:00
|
|
|
config RANDOM_TRUST_CPU
|
random: credit cpu and bootloader seeds by default
This commit changes the default Kconfig values of RANDOM_TRUST_CPU and
RANDOM_TRUST_BOOTLOADER to be Y by default. It does not change any
existing configs or change any kernel behavior. The reason for this is
several fold.
As background, I recently had an email thread with the kernel
maintainers of Fedora/RHEL, Debian, Ubuntu, Gentoo, Arch, NixOS, Alpine,
SUSE, and Void as recipients. I noted that some distros trust RDRAND,
some trust EFI, and some trust both, and I asked why or why not. There
wasn't really much of a "debate" but rather an interesting discussion of
what the historical reasons have been for this, and it came up that some
distros just missed the introduction of the bootloader Kconfig knob,
while another didn't want to enable it until there was a boot time
switch to turn it off for more concerned users (which has since been
added). The result of the rather uneventful discussion is that every
major Linux distro enables these two options by default.
While I didn't have really too strong of an opinion going into this
thread -- and I mostly wanted to learn what the distros' thinking was
one way or another -- ultimately I think their choice was a decent
enough one for a default option (which can be disabled at boot time).
I'll try to summarize the pros and cons:
Pros:
- The RNG machinery gets initialized super quickly, and there's no
messing around with subsequent blocking behavior.
- The bootloader mechanism is used by kexec in order for the prior
kernel to initialize the RNG of the next kernel, which increases
the entropy available to early boot daemons of the next kernel.
- Previous objections related to backdoors centered around
Dual_EC_DRBG-like kleptographic systems, in which observing some
amount of the output stream enables an adversary holding the right key
to determine the entire output stream.
This used to be a partially justified concern, because RDRAND output
was mixed into the output stream in varying ways, some of which may
have lacked pre-image resistance (e.g. XOR or an LFSR).
But this is no longer the case. Now, all usage of RDRAND and
bootloader seeds go through a cryptographic hash function. This means
that the CPU would have to compute a hash pre-image, which is not
considered to be feasible (otherwise the hash function would be
terribly broken).
- More generally, if the CPU is backdoored, the RNG is probably not the
realistic vector of choice for an attacker.
- These CPU or bootloader seeds are far from being the only source of
entropy. Rather, there is generally a pretty huge amount of entropy,
not all of which is credited, especially on CPUs that support
instructions like RDRAND. In other words, assuming RDRAND outputs all
zeros, an attacker would *still* have to accurately model every single
other entropy source also in use.
- The RNG now reseeds itself quite rapidly during boot, starting at 2
seconds, then 4, then 8, then 16, and so forth, so that other sources
of entropy get used without much delay.
- Paranoid users can set random.trust_{cpu,bootloader}=no in the kernel
command line, and paranoid system builders can set the Kconfig options
to N, so there's no reduction or restriction of optionality.
- It's a practical default.
- All the distros have it set this way. Microsoft and Apple trust it
too. Bandwagon.
Cons:
- RDRAND *could* still be backdoored with something like a fixed key or
limited space serial number seed or another indexable scheme like
that. (However, it's hard to imagine threat models where the CPU is
backdoored like this, yet people are still okay making *any*
computations with it or connecting it to networks, etc.)
- RDRAND *could* be defective, rather than backdoored, and produce
garbage that is in one way or another insufficient for crypto.
- Suggesting a *reduction* in paranoia, as this commit effectively does,
may cause some to question my personal integrity as a "security
person".
- Bootloader seeds and RDRAND are generally very difficult if not all
together impossible to audit.
Keep in mind that this doesn't actually change any behavior. This
is just a change in the default Kconfig value. The distros already are
shipping kernels that set things this way.
Ard made an additional argument in [1]:
We're at the mercy of firmware and micro-architecture anyway, given
that we are also relying on it to ensure that every instruction in
the kernel's executable image has been faithfully copied to memory,
and that the CPU implements those instructions as documented. So I
don't think firmware or ISA bugs related to RNGs deserve special
treatment - if they are broken, we should quirk around them like we
usually do. So enabling these by default is a step in the right
direction IMHO.
In [2], Phil pointed out that having this disabled masked a bug that CI
otherwise would have caught:
A clean 5.15.45 boots cleanly, whereas a downstream kernel shows the
static key warning (but it does go on to boot). The significant
difference is that our defconfigs set CONFIG_RANDOM_TRUST_BOOTLOADER=y
defining that on top of multi_v7_defconfig demonstrates the issue on
a clean 5.15.45. Conversely, not setting that option in a
downstream kernel build avoids the warning
[1] https://lore.kernel.org/lkml/CAMj1kXGi+ieviFjXv9zQBSaGyyzeGW_VpMpTLJK8PJb2QHEQ-w@mail.gmail.com/
[2] https://lore.kernel.org/lkml/c47c42e3-1d56-5859-a6ad-976a1a3381c6@raspberrypi.com/
Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-06-05 16:30:46 +00:00
|
|
|
bool "Initialize RNG using CPU RNG instructions"
|
|
|
|
|
default y
|
2018-07-17 22:24:27 +00:00
|
|
|
help
|
random: credit cpu and bootloader seeds by default
This commit changes the default Kconfig values of RANDOM_TRUST_CPU and
RANDOM_TRUST_BOOTLOADER to be Y by default. It does not change any
existing configs or change any kernel behavior. The reason for this is
several fold.
As background, I recently had an email thread with the kernel
maintainers of Fedora/RHEL, Debian, Ubuntu, Gentoo, Arch, NixOS, Alpine,
SUSE, and Void as recipients. I noted that some distros trust RDRAND,
some trust EFI, and some trust both, and I asked why or why not. There
wasn't really much of a "debate" but rather an interesting discussion of
what the historical reasons have been for this, and it came up that some
distros just missed the introduction of the bootloader Kconfig knob,
while another didn't want to enable it until there was a boot time
switch to turn it off for more concerned users (which has since been
added). The result of the rather uneventful discussion is that every
major Linux distro enables these two options by default.
While I didn't have really too strong of an opinion going into this
thread -- and I mostly wanted to learn what the distros' thinking was
one way or another -- ultimately I think their choice was a decent
enough one for a default option (which can be disabled at boot time).
I'll try to summarize the pros and cons:
Pros:
- The RNG machinery gets initialized super quickly, and there's no
messing around with subsequent blocking behavior.
- The bootloader mechanism is used by kexec in order for the prior
kernel to initialize the RNG of the next kernel, which increases
the entropy available to early boot daemons of the next kernel.
- Previous objections related to backdoors centered around
Dual_EC_DRBG-like kleptographic systems, in which observing some
amount of the output stream enables an adversary holding the right key
to determine the entire output stream.
This used to be a partially justified concern, because RDRAND output
was mixed into the output stream in varying ways, some of which may
have lacked pre-image resistance (e.g. XOR or an LFSR).
But this is no longer the case. Now, all usage of RDRAND and
bootloader seeds go through a cryptographic hash function. This means
that the CPU would have to compute a hash pre-image, which is not
considered to be feasible (otherwise the hash function would be
terribly broken).
- More generally, if the CPU is backdoored, the RNG is probably not the
realistic vector of choice for an attacker.
- These CPU or bootloader seeds are far from being the only source of
entropy. Rather, there is generally a pretty huge amount of entropy,
not all of which is credited, especially on CPUs that support
instructions like RDRAND. In other words, assuming RDRAND outputs all
zeros, an attacker would *still* have to accurately model every single
other entropy source also in use.
- The RNG now reseeds itself quite rapidly during boot, starting at 2
seconds, then 4, then 8, then 16, and so forth, so that other sources
of entropy get used without much delay.
- Paranoid users can set random.trust_{cpu,bootloader}=no in the kernel
command line, and paranoid system builders can set the Kconfig options
to N, so there's no reduction or restriction of optionality.
- It's a practical default.
- All the distros have it set this way. Microsoft and Apple trust it
too. Bandwagon.
Cons:
- RDRAND *could* still be backdoored with something like a fixed key or
limited space serial number seed or another indexable scheme like
that. (However, it's hard to imagine threat models where the CPU is
backdoored like this, yet people are still okay making *any*
computations with it or connecting it to networks, etc.)
- RDRAND *could* be defective, rather than backdoored, and produce
garbage that is in one way or another insufficient for crypto.
- Suggesting a *reduction* in paranoia, as this commit effectively does,
may cause some to question my personal integrity as a "security
person".
- Bootloader seeds and RDRAND are generally very difficult if not all
together impossible to audit.
Keep in mind that this doesn't actually change any behavior. This
is just a change in the default Kconfig value. The distros already are
shipping kernels that set things this way.
Ard made an additional argument in [1]:
We're at the mercy of firmware and micro-architecture anyway, given
that we are also relying on it to ensure that every instruction in
the kernel's executable image has been faithfully copied to memory,
and that the CPU implements those instructions as documented. So I
don't think firmware or ISA bugs related to RNGs deserve special
treatment - if they are broken, we should quirk around them like we
usually do. So enabling these by default is a step in the right
direction IMHO.
In [2], Phil pointed out that having this disabled masked a bug that CI
otherwise would have caught:
A clean 5.15.45 boots cleanly, whereas a downstream kernel shows the
static key warning (but it does go on to boot). The significant
difference is that our defconfigs set CONFIG_RANDOM_TRUST_BOOTLOADER=y
defining that on top of multi_v7_defconfig demonstrates the issue on
a clean 5.15.45. Conversely, not setting that option in a
downstream kernel build avoids the warning
[1] https://lore.kernel.org/lkml/CAMj1kXGi+ieviFjXv9zQBSaGyyzeGW_VpMpTLJK8PJb2QHEQ-w@mail.gmail.com/
[2] https://lore.kernel.org/lkml/c47c42e3-1d56-5859-a6ad-976a1a3381c6@raspberrypi.com/
Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-06-05 16:30:46 +00:00
|
|
|
Initialize the RNG using random numbers supplied by the CPU's
|
|
|
|
|
RNG instructions (e.g. RDRAND), if supported and available. These
|
|
|
|
|
random numbers are never used directly, but are rather hashed into
|
|
|
|
|
the main input pool, and this happens regardless of whether or not
|
|
|
|
|
this option is enabled. Instead, this option controls whether the
|
|
|
|
|
they are credited and hence can initialize the RNG. Additionally,
|
|
|
|
|
other sources of randomness are always used, regardless of this
|
|
|
|
|
setting. Enabling this implies trusting that the CPU can supply high
|
|
|
|
|
quality and non-backdoored random numbers.
|
|
|
|
|
|
|
|
|
|
Say Y here unless you have reason to mistrust your CPU or believe
|
|
|
|
|
its RNG facilities may be faulty. This may also be configured at
|
|
|
|
|
boot time with "random.trust_cpu=on/off".
|
2019-08-23 06:24:51 +00:00
|
|
|
|
|
|
|
|
config RANDOM_TRUST_BOOTLOADER
|
random: credit cpu and bootloader seeds by default
This commit changes the default Kconfig values of RANDOM_TRUST_CPU and
RANDOM_TRUST_BOOTLOADER to be Y by default. It does not change any
existing configs or change any kernel behavior. The reason for this is
several fold.
As background, I recently had an email thread with the kernel
maintainers of Fedora/RHEL, Debian, Ubuntu, Gentoo, Arch, NixOS, Alpine,
SUSE, and Void as recipients. I noted that some distros trust RDRAND,
some trust EFI, and some trust both, and I asked why or why not. There
wasn't really much of a "debate" but rather an interesting discussion of
what the historical reasons have been for this, and it came up that some
distros just missed the introduction of the bootloader Kconfig knob,
while another didn't want to enable it until there was a boot time
switch to turn it off for more concerned users (which has since been
added). The result of the rather uneventful discussion is that every
major Linux distro enables these two options by default.
While I didn't have really too strong of an opinion going into this
thread -- and I mostly wanted to learn what the distros' thinking was
one way or another -- ultimately I think their choice was a decent
enough one for a default option (which can be disabled at boot time).
I'll try to summarize the pros and cons:
Pros:
- The RNG machinery gets initialized super quickly, and there's no
messing around with subsequent blocking behavior.
- The bootloader mechanism is used by kexec in order for the prior
kernel to initialize the RNG of the next kernel, which increases
the entropy available to early boot daemons of the next kernel.
- Previous objections related to backdoors centered around
Dual_EC_DRBG-like kleptographic systems, in which observing some
amount of the output stream enables an adversary holding the right key
to determine the entire output stream.
This used to be a partially justified concern, because RDRAND output
was mixed into the output stream in varying ways, some of which may
have lacked pre-image resistance (e.g. XOR or an LFSR).
But this is no longer the case. Now, all usage of RDRAND and
bootloader seeds go through a cryptographic hash function. This means
that the CPU would have to compute a hash pre-image, which is not
considered to be feasible (otherwise the hash function would be
terribly broken).
- More generally, if the CPU is backdoored, the RNG is probably not the
realistic vector of choice for an attacker.
- These CPU or bootloader seeds are far from being the only source of
entropy. Rather, there is generally a pretty huge amount of entropy,
not all of which is credited, especially on CPUs that support
instructions like RDRAND. In other words, assuming RDRAND outputs all
zeros, an attacker would *still* have to accurately model every single
other entropy source also in use.
- The RNG now reseeds itself quite rapidly during boot, starting at 2
seconds, then 4, then 8, then 16, and so forth, so that other sources
of entropy get used without much delay.
- Paranoid users can set random.trust_{cpu,bootloader}=no in the kernel
command line, and paranoid system builders can set the Kconfig options
to N, so there's no reduction or restriction of optionality.
- It's a practical default.
- All the distros have it set this way. Microsoft and Apple trust it
too. Bandwagon.
Cons:
- RDRAND *could* still be backdoored with something like a fixed key or
limited space serial number seed or another indexable scheme like
that. (However, it's hard to imagine threat models where the CPU is
backdoored like this, yet people are still okay making *any*
computations with it or connecting it to networks, etc.)
- RDRAND *could* be defective, rather than backdoored, and produce
garbage that is in one way or another insufficient for crypto.
- Suggesting a *reduction* in paranoia, as this commit effectively does,
may cause some to question my personal integrity as a "security
person".
- Bootloader seeds and RDRAND are generally very difficult if not all
together impossible to audit.
Keep in mind that this doesn't actually change any behavior. This
is just a change in the default Kconfig value. The distros already are
shipping kernels that set things this way.
Ard made an additional argument in [1]:
We're at the mercy of firmware and micro-architecture anyway, given
that we are also relying on it to ensure that every instruction in
the kernel's executable image has been faithfully copied to memory,
and that the CPU implements those instructions as documented. So I
don't think firmware or ISA bugs related to RNGs deserve special
treatment - if they are broken, we should quirk around them like we
usually do. So enabling these by default is a step in the right
direction IMHO.
In [2], Phil pointed out that having this disabled masked a bug that CI
otherwise would have caught:
A clean 5.15.45 boots cleanly, whereas a downstream kernel shows the
static key warning (but it does go on to boot). The significant
difference is that our defconfigs set CONFIG_RANDOM_TRUST_BOOTLOADER=y
defining that on top of multi_v7_defconfig demonstrates the issue on
a clean 5.15.45. Conversely, not setting that option in a
downstream kernel build avoids the warning
[1] https://lore.kernel.org/lkml/CAMj1kXGi+ieviFjXv9zQBSaGyyzeGW_VpMpTLJK8PJb2QHEQ-w@mail.gmail.com/
[2] https://lore.kernel.org/lkml/c47c42e3-1d56-5859-a6ad-976a1a3381c6@raspberrypi.com/
Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2022-06-05 16:30:46 +00:00
|
|
|
bool "Initialize RNG using bootloader-supplied seed"
|
|
|
|
|
default y
|
|
|
|
|
help
|
|
|
|
|
Initialize the RNG using a seed supplied by the bootloader or boot
|
|
|
|
|
environment (e.g. EFI or a bootloader-generated device tree). This
|
|
|
|
|
seed is not used directly, but is rather hashed into the main input
|
|
|
|
|
pool, and this happens regardless of whether or not this option is
|
|
|
|
|
enabled. Instead, this option controls whether the seed is credited
|
|
|
|
|
and hence can initialize the RNG. Additionally, other sources of
|
|
|
|
|
randomness are always used, regardless of this setting. Enabling
|
|
|
|
|
this implies trusting that the bootloader can supply high quality and
|
|
|
|
|
non-backdoored seeds.
|
|
|
|
|
|
|
|
|
|
Say Y here unless you have reason to mistrust your bootloader or
|
|
|
|
|
believe its RNG facilities may be faulty. This may also be configured
|
|
|
|
|
at boot time with "random.trust_bootloader=on/off".
|
2021-08-16 00:05:31 +00:00
|
|
|
|
|
|
|
|
endmenu
|