[Whonix-devel] How to confirm jitter .ko was loaded

procmem at riseup.net procmem at riseup.net
Thu May 2 05:44:26 CEST 2019

On 5/2/19 8:09 AM, Stephan Mueller wrote:
> Am Dienstag, 30. April 2019, 13:41:00 CEST schrieb Patrick Schleizer:
> Hi Patrick,
>> Hello Stephan,
>> thank you for all your kernel work and answering to us here, appreciated!
>> On https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927972 I asked
>> Debian kernel maintainers to consider enabling the jitter kernel module
>> by default.
>> Would you wish to share your thoughts on this?
> I looked through the bug report. The message #41 effectively summarizes all 
> very clearly and derives the right conclusions.
> So, the jitterentropy kernel module is only used by the kernel DRBG. And it 
> will load the jitterentropy kernel module automatically considering that the 
> module name is the same as the cipher name "jitterentropy_rng". Of course, 
> this only applies if the kernel module is available in the execution 
> environment (like the initramfs) and the DRBG is initialized during that time.
> Thus, I am not sure I can contribute more to the bug thread.
I guess asked another way, Patrick is wondering what the problems of a
weak kernel DRBG would cause?

We know weak /dev/?random is catastrophic, but it was news to us that
the in-kernel DRBG has no connection to it. So we want to know if this
is so bad too that it warrants forcing the module.

More information about the Whonix-devel mailing list