diff options
author | kib <kib@FreeBSD.org> | 2012-09-05 13:18:51 +0000 |
---|---|---|
committer | kib <kib@FreeBSD.org> | 2012-09-05 13:18:51 +0000 |
commit | dac91f5998c1d33695196e636176f5634af60f74 (patch) | |
tree | 4e5e06d435f26a7ff60ca89f3247cc53bec9401b /sys/conf/options.i386 | |
parent | 71dbd73468d207cc6328627d0f16d719bad326c8 (diff) | |
download | FreeBSD-src-dac91f5998c1d33695196e636176f5634af60f74.zip FreeBSD-src-dac91f5998c1d33695196e636176f5634af60f74.tar.gz |
Add support for new Intel on-CPU Bull Mountain random number
generator, found on IvyBridge and supposedly later CPUs, accessible
with RDRAND instruction.
From the Intel whitepapers and articles about Bull Mountain, it seems
that we do not need to perform post-processing of RDRAND results, like
AES-encryption of the data with random IV and keys, which was done for
Padlock. Intel claims that sanitization is performed in hardware.
Make both Padlock and Bull Mountain random generators support code
covered by kernel config options, for the benefit of people who prefer
minimal kernels. Also add the tunables to disable hardware generator
even if detected.
Reviewed by: markm, secteam (simon)
Tested by: bapt, Michael Moll <kvedulv@kvedulv.de>
MFC after: 3 weeks
Diffstat (limited to 'sys/conf/options.i386')
-rw-r--r-- | sys/conf/options.i386 | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/conf/options.i386 b/sys/conf/options.i386 index 3638266..9ce7b8c 100644 --- a/sys/conf/options.i386 +++ b/sys/conf/options.i386 @@ -123,3 +123,7 @@ XENHVM opt_global.h # options for the Intel C600 SAS driver (isci) ISCI_LOGGING opt_isci.h + +# hw random number generators for random(4) +PADLOCK_RNG opt_cpu.h +IVY_RNG opt_cpu.h |