Kconfig

# SPDX-License-Identifier: GPL-2.0
#
# Linux Random Number Generator configuration
#

config RANDOM_DEFAULT_IMPL
	bool "Kernel RNG Default Implementation"
	default y
	help
	  The default random number generator as provided with
	  drivers/char/random.c is selected with this option.

config LRNG_AUTO_SELECTED
	bool
	default y if !RANDOM_DEFAULT_IMPL
	default n if RANDOM_DEFAULT_IMPL
	select LRNG

config LRNG
	bool "Linux Random Number Generator"
	default n
	select CRYPTO_LIB_SHA256 if CRYPTO
	help
	  The Linux Random Number Generator (LRNG) generates entropy
	  from different entropy sources. Each entropy source can
	  be enabled and configured independently. The interrupt
	  entropy source can be configured to be SP800-90B compliant.
	  The entire LRNG can be configured to be SP800-90C compliant.
	  Runtime-switchable cryptographic support is available.
	  The LRNG delivers significant entropy during boot.

	  The LRNG also provides compliance to SP800-90A/B/C.

menu "Linux Random Number Generator Configuration"
	depends on LRNG

if LRNG

config LRNG_SHA256
	bool
	default y if CRYPTO_LIB_SHA256

config LRNG_SHA1
	bool
	default y if !CRYPTO_LIB_SHA256

config LRNG_COMMON_DEV_IF
	bool

config LRNG_DRNG_ATOMIC
	bool
	select LRNG_DRNG_CHACHA20

config LRNG_SYSCTL
	bool
	depends on SYSCTL

config LRNG_RANDOM_IF
	bool
	default n if RANDOM_DEFAULT_IMPL
	default y if !RANDOM_DEFAULT_IMPL
	select LRNG_COMMON_DEV_IF
	select LRNG_DRNG_ATOMIC
	select LRNG_SYSCTL

menu "Specific DRNG seeding strategies"

config LRNG_AIS2031_NTG1_SEEDING_STRATEGY
	bool "AIS 20/31 NTG.1 seeding strategy"
	default n
	help
	  When enabling this option, two entropy sources must
	  deliver 240 bits of entropy each to consider a DRNG
	  as fully seeded. Any two entropy sources can be used
	  to fulfill this requirement. If specific entropy sources
	  shall not be capable of contributing to this seeding
	  strategy, the respective entropy source must be configured
	  to provide less than 240 bits of entropy.

	  The strategy is consistent with the requirements for
	  NTG.1 compliance in German AIS 20/31 version 3.0 from 2024
	  and is only enforced with lrng_es_mgr.ntg1=1.

	  Compliance with German AIS 20/31 version 2.0 from 2011 is
	  always present when using /dev/random with the flag O_SYNC
	  or getrandom(2) with GRND_RANDOM.

	  If unsure, say N.

endmenu # "Specific DRNG seeding strategies"

menu "LRNG Interfaces"

config LRNG_KCAPI_IF
	tristate "Interface with Kernel Crypto API"
	depends on CRYPTO_RNG
	help
	  The LRNG can be registered with the kernel crypto API's
	  random number generator framework. This offers a random
	  number generator with the name "lrng" and a priority that
	  is intended to be higher than the existing RNG
	  implementations.

config LRNG_HWRAND_IF
	tristate "Interface with Hardware Random Number Generator Framework"
	depends on HW_RANDOM
	select LRNG_DRNG_ATOMIC
	help
	  The LRNG can be registered with the hardware random number
	  generator framework. This offers a random number generator
	  with the name "lrng" that is accessible via the framework.
	  For example it allows pulling data from the LRNG via the
	  /dev/hwrng file.

config LRNG_DEV_IF
	bool "Character device file interface"
	select LRNG_COMMON_DEV_IF
	help
	  The LRNG can create a character device file that operates
	  identically to /dev/random including IOCTL, read and write
	  operations.

endmenu # "LRNG Interfaces"

menu "Entropy Source Configuration"

config LRNG_RUNTIME_ES_CONFIG
	bool "Enable runtime configuration of entropy sources"
	help
	  When enabling this option, the LRNG provides the mechanism
	  allowing to alter the entropy rate of each entropy source
	  during boot time and runtime.

	  Each entropy source allows its entropy rate changed with
	  a kernel command line option. When not providing any
	  option, the default specified during kernel compilation
	  is applied.

comment "Common Timer-based Entropy Source Configuration"

config LRNG_IRQ_DFLT_TIMER_ES
	bool

config LRNG_SCHED_DFLT_TIMER_ES
	bool

config LRNG_TIMER_COMMON
	bool

choice
	prompt "Default Timer-based Entropy Source"
	default LRNG_IRQ_DFLT_TIMER_ES
	depends on LRNG_TIMER_COMMON
	help
	  Select the timer-based entropy source that is credited
	  with entropy. The other timer-based entropy sources may
	  be operational and provide data, but are credited with no
	  entropy.

	config LRNG_IRQ_DFLT_TIMER_ES
	bool "Interrupt Entropy Source"
	depends on LRNG_IRQ
	help
	  The interrupt entropy source is selected as a timer-based
	  entropy source to provide entropy.

	config LRNG_SCHED_DFLT_TIMER_ES
	bool "Scheduler Entropy Source"
	depends on LRNG_SCHED
	help
	  The scheduler entropy source is selected as timer-based
	  entropy source to provide entropy.
endchoice

choice
	prompt "LRNG Entropy Collection Pool Size"
	default LRNG_COLLECTION_SIZE_1024
	depends on LRNG_TIMER_COMMON
	help
	  Select the size of the LRNG entropy collection pool
	  storing data for the interrupt as well as the scheduler
	  entropy sources without performing a compression
	  operation. The larger the collection size is, the faster
	  the average interrupt handling will be. The collection
	  size represents the number of bytes of the per-CPU memory
	  used to batch up entropy event data.

	  The default value is good for regular operations. Choose
	  larger sizes for servers that have no memory limitations.
	  If runtime memory is precious, choose a smaller size.

	  The collection size is unrelated to the entropy rate
	  or the amount of entropy the LRNG can process.

	config LRNG_COLLECTION_SIZE_32
	depends on LRNG_CONTINUOUS_COMPRESSION_ENABLED
	depends on !LRNG_SWITCHABLE_CONTINUOUS_COMPRESSION
	depends on !CRYPTO_FIPS
		bool "32 interrupt events"

	config LRNG_COLLECTION_SIZE_256
	depends on !CRYPTO_FIPS
		bool "256 interrupt events"

	config LRNG_COLLECTION_SIZE_512
		bool "512 interrupt events"

	config LRNG_COLLECTION_SIZE_1024
		bool "1024 interrupt events (default)"

	config LRNG_COLLECTION_SIZE_2048
		bool "2048 interrupt events"

	config LRNG_COLLECTION_SIZE_4096
		bool "4096 interrupt events"

	config LRNG_COLLECTION_SIZE_8192
		bool "8192 interrupt events"

endchoice

config LRNG_COLLECTION_SIZE
	int
	default 32 if LRNG_COLLECTION_SIZE_32
	default 256 if LRNG_COLLECTION_SIZE_256
	default 512 if LRNG_COLLECTION_SIZE_512
	default 1024 if LRNG_COLLECTION_SIZE_1024
	default 2048 if LRNG_COLLECTION_SIZE_2048
	default 4096 if LRNG_COLLECTION_SIZE_4096
	default 8192 if LRNG_COLLECTION_SIZE_8192

config LRNG_HEALTH_TESTS
	bool "Enable internal entropy source online health tests"
	depends on LRNG_TIMER_COMMON
	help
	  The online health tests applied to the interrupt entropy
	  source and to the scheduler entropy source to validate
	  the noise source at runtime for fatal errors. These tests
	  include SP800-90B compliant tests which are invoked if
	  the system is booted with fips=1. In case of fatal errors
	  during active SP800-90B tests, the issue is logged and
	  the noise data is discarded. These tests are required for
	  full compliance of the interrupt entropy source with
	  SP800-90B.

	  If both, the scheduler and the interrupt entropy sources,
	  are enabled, the health tests for both are applied
	  independent of each other.

	  If unsure, say Y.

config LRNG_RCT_BROKEN
	bool "SP800-90B RCT with dangerous low cutoff value"
	depends on LRNG_HEALTH_TESTS
	depends on BROKEN
	default n
	help
	  This option enables a dangerously low SP800-90B repetitive
	  count test (RCT) cutoff value which makes it very likely
	  that the RCT is triggered to raise a self test failure.

	  This option is ONLY intended for developers wanting to
	  test the effectiveness of the SP800-90B RCT health test.

	  If unsure, say N.

config LRNG_APT_BROKEN
	bool "SP800-90B APT with dangerous low cutoff value"
	depends on LRNG_HEALTH_TESTS
	depends on BROKEN
	default n
	help
	  This option enables a dangerously low SP800-90B adaptive
	  proportion test (APT) cutoff value which makes it very
	  likely that the APT is triggered to raise a self test
	  failure.

	  This option is ONLY intended for developers wanting to
	  test the effectiveness of the SP800-90B APT health test.

	  If unsure, say N.

# Default taken from SP800-90B sec 4.4.1 - significance level 2^-30
config LRNG_RCT_CUTOFF
	int
	default 31 if !LRNG_RCT_BROKEN
	default 1 if LRNG_RCT_BROKEN

# Default taken from SP800-90B sec 4.4.1 - significance level 2^-80
config LRNG_RCT_CUTOFF_PERMANENT
	int
	default 81 if !LRNG_RCT_BROKEN
	default 2 if LRNG_RCT_BROKEN

# Default taken from SP800-90B sec 4.4.2 - significance level 2^-30
config LRNG_APT_CUTOFF
	int
	default 325 if !LRNG_APT_BROKEN
	default 32 if LRNG_APT_BROKEN

# Default taken from SP800-90B sec 4.4.2 - significance level 2^-80
config LRNG_APT_CUTOFF_PERMANENT
	int
	default 371 if !LRNG_APT_BROKEN
	default 33 if LRNG_APT_BROKEN

comment "Interrupt Entropy Source"

config LRNG_IRQ
	bool "Enable Interrupt Entropy Source as LRNG Seed Source"
	default y
	depends on !RANDOM_DEFAULT_IMPL
	select LRNG_TIMER_COMMON
	help
	  The LRNG models an entropy source based on the timing of the
	  occurrence of interrupts. Enable this option to enable this
	  IRQ entropy source.

	  The IRQ entropy source is triggered every time an interrupt
	  arrives and thus causes the interrupt handler to execute
	  slightly longer. Disabling the IRQ entropy source implies
	  that the performance penalty on the interrupt handler added
	  by the LRNG is eliminated. Yet, this entropy source is
	  considered to be an internal entropy source of the LRNG.
	  Thus, only disable it if you ensured that other entropy
	  sources are available that supply the LRNG with entropy.

	  If you disable the IRQ entropy source, you MUST ensure
	  one or more entropy sources collectively have the
	  capability to deliver sufficient entropy with one invocation
	  at a rate compliant to the security strength of the DRNG
	  (usually 256 bits of entropy). In addition, if those
	  entropy sources do not deliver sufficient entropy during
	  first request, the reseed must be triggered from user
	  space or kernel space when sufficient entropy is considered
	  to be present.

	  If unsure, say Y.

choice
	prompt "Continuous entropy compression boot time setting"
	default LRNG_CONTINUOUS_COMPRESSION_ENABLED
	depends on LRNG_IRQ
	help
	  Select the default behavior of the interrupt entropy source
	  continuous compression operation.

	  The LRNG IRQ ES collects entropy data during each interrupt.
	  For performance reasons, a amount of entropy data defined by
	  the LRNG entropy collection pool size is concatenated into
	  an array. When that array is filled up, a hash is calculated
	  to compress the entropy. That hash is calculated in
	  interrupt context.

	  In case such hash calculation in interrupt context is deemed
	  too time-consuming, the continuous compression operation
	  can be disabled. If disabled, the collection of entropy will
	  not trigger a hash compression operation in interrupt context.
	  The compression happens only when the DRNG is reseeded which is
	  in process context. This implies that old entropy data
	  collected after the last DRNG-reseed is overwritten with newer
	  entropy data once the collection pool is full instead of
	  retaining its entropy with the compression operation.

	config LRNG_CONTINUOUS_COMPRESSION_ENABLED
		bool "Enable continuous compression (default)"

	config LRNG_CONTINUOUS_COMPRESSION_DISABLED
		bool "Disable continuous compression"

endchoice

config LRNG_ENABLE_CONTINUOUS_COMPRESSION
	bool
	default y if LRNG_CONTINUOUS_COMPRESSION_ENABLED
	default n if LRNG_CONTINUOUS_COMPRESSION_DISABLED

config LRNG_SWITCHABLE_CONTINUOUS_COMPRESSION
	bool "Runtime-switchable continuous entropy compression"
	depends on LRNG_IRQ
	help
	  Per default, the interrupt entropy source continuous
	  compression operation behavior is hard-wired into the kernel.
	  Enable this option to allow it to be configurable at boot time.

	  To modify the default behavior of the continuous
	  compression operation, use the kernel command line option
	  of lrng_sw_noise.lrng_pcpu_continuous_compression.

	  If unsure, say N.

config LRNG_IRQ_ENTROPY_RATE
	int "Interrupt Entropy Source Entropy Rate"
	depends on LRNG_IRQ
	range 256 4294967295 if LRNG_IRQ_DFLT_TIMER_ES
	range 4294967295 4294967295 if !LRNG_IRQ_DFLT_TIMER_ES
	default 256 if LRNG_IRQ_DFLT_TIMER_ES
	default 4294967295 if !LRNG_IRQ_DFLT_TIMER_ES
	help
	  The LRNG will collect the configured number of interrupts to
	  obtain 256 bits of entropy. This value can be set to any between
	  256 and 4294967295. The LRNG guarantees that this value is not
	  lower than 256. This lower limit implies that one interrupt event
	  is credited with one bit of entropy. This value is subject to the
	  increase by the oversampling factor, if no high-resolution timer
	  is found.

	  In order to effectively disable the interrupt entropy source,
	  the option has to be set to 4294967295. In this case, the
	  interrupt entropy source will still deliver data but without
	  being credited with entropy.

comment "Jitter RNG Entropy Source"

config LRNG_JENT
	bool "Enable Jitter RNG as LRNG Seed Source"
	depends on CRYPTO
	select CRYPTO_JITTERENTROPY
	help
	  The LRNG may use the Jitter RNG as entropy source. Enabling
	  this option enables the use of the Jitter RNG. Its default
	  entropy level is 16 bits of entropy per 256 data bits delivered
	  by the Jitter RNG. This entropy level can be changed at boot
	  time or at runtime with the lrng_base.jitterrng configuration
	  variable.

choice
	prompt "Jitter RNG Async Block Number"
	default LRNG_JENT_ENTROPY_BLOCKS_NO_128
	depends on LRNG_JENT
	help
	  Select the number of Jitter RNG entropy blocks the asynchronous
	  collection operation will fill. A caller for Jitter RNG entropy
	  will be given data from the pre-filled blocks if available to
	  prevent the Jitter RNG from utilizing the CPU too much in a
	  possible hot code path.

	  The number specifies the number of 256/384 bit blocks that will
	  be held in memory and asynchronously filled with Jitter RNG data.

	  The asynchronous entropy collection can also be disabled at
	  kernel startup time when setting the command line option of
	  lrng_es_jent.jent_async_enabled=0. Also, setting this option at
	  runtime is allowed via the corresponding SysFS interface. This
	  option is only available with the options SysFS and
	  CONFIG_LRNG_RUNTIME_ES_CONFIG enabled.

	config LRNG_JENT_ENTROPY_BLOCKS_DISABLED
		bool "Async collection disabled"

	# Any block number is allowed, provided it is a power of 2 and
	# equal or larger than 4 (4 is due to the division in
	# lrng_jent_async_get when deciding to wake up the monitor).
	config LRNG_JENT_ENTROPY_BLOCKS_NO_32
		bool "32 blocks"

	config LRNG_JENT_ENTROPY_BLOCKS_NO_64
		bool "64 blocks"

	config LRNG_JENT_ENTROPY_BLOCKS_NO_128
		bool "128 blocks (default)"

	config LRNG_JENT_ENTROPY_BLOCKS_NO_256
		bool "256 blocks"

	config LRNG_JENT_ENTROPY_BLOCKS_NO_512
		bool "512 blocks"

	config LRNG_JENT_ENTROPY_BLOCKS_NO_1024
		bool "1024 blocks"

endchoice

config LRNG_JENT_ENTROPY_BLOCKS
	int
	default 0 if LRNG_JENT_ENTROPY_BLOCKS_DISABLED
	default 32 if LRNG_JENT_ENTROPY_BLOCKS_NO_32
	default 64 if LRNG_JENT_ENTROPY_BLOCKS_NO_64
	default 128 if LRNG_JENT_ENTROPY_BLOCKS_NO_128
	default 256 if LRNG_JENT_ENTROPY_BLOCKS_NO_256
	default 512 if LRNG_JENT_ENTROPY_BLOCKS_NO_512
	default 1024 if LRNG_JENT_ENTROPY_BLOCKS_NO_1024

config LRNG_JENT_ENTROPY_RATE
	int "Jitter RNG Entropy Source Entropy Rate"
	depends on LRNG_JENT
	range 0 256
	default 16
	help
	  The option defines the amount of entropy the LRNG applies to 256
	  bits of data obtained from the Jitter RNG entropy source. The
	  LRNG enforces the limit that this value must be in the range
	  between 0 and 256.

	  When configuring this value to 0, the Jitter RNG entropy source
	  will provide 256 bits of data without being credited to contain
	  entropy.

comment "CPU Entropy Source"

config LRNG_CPU
	bool "Enable CPU Entropy Source as LRNG Seed Source"
	default y
	help
	  Current CPUs commonly contain entropy sources which can be
	  used to seed the LRNG. For example, the Intel RDSEED
	  instruction, or the POWER DARN instruction will be sourced
	  to seed the LRNG if this option is enabled.

	  Note, if this option is enabled and the underlying CPU
	  does not offer such entropy source, the LRNG will automatically
	  detect this and ignore the hardware.

config LRNG_CPU_FULL_ENT_MULTIPLIER
	int
	default 1 if !LRNG_TEST_CPU_ES_COMPRESSION
	default 123 if LRNG_TEST_CPU_ES_COMPRESSION

config LRNG_CPU_ENTROPY_RATE
	int "CPU Entropy Source Entropy Rate"
	depends on LRNG_CPU
	range 0 256
	default 8
	help
	  The option defines the amount of entropy the LRNG applies to 256
	  bits of data obtained from the CPU entropy source. The LRNG
	  enforces the limit that this value must be in the range between
	  0 and 256.

	  When configuring this value to 0, the CPU entropy source will
	  provide 256 bits of data without being credited to contain
	  entropy.

	  Note, this option is overwritten when the option
	  CONFIG_RANDOM_TRUST_CPU is set.

comment "Scheduler Entropy Source"

config LRNG_SCHED
	bool "Enable Scheduer Entropy Source as LRNG Seed Source"
	select LRNG_TIMER_COMMON
	help
	  The LRNG models an entropy source based on the timing of the
	  occurrence of scheduler-triggered context switches. Enable
	  this option to enable this scheduler entropy source.

	  The scheduler entropy source is triggered every time a
	  context switch is triggered thus causes the scheduler to
	  execute slightly longer. Disabling the scheduler entropy
	  source implies that the performance penalty on the scheduler
	  added by the LRNG is eliminated. Yet, this entropy source is
	  considered to be an internal entropy source of the LRNG.
	  Thus, only disable it if you ensured that other entropy
	  sources are available that supply the LRNG with entropy.

	  If you disable the scheduler entropy source, you MUST
	  ensure one or more entropy sources collectively have the
	  capability to deliver sufficient entropy with one invocation
	  at a rate compliant to the security strength of the DRNG
	  (usually 256 bits of entropy). In addition, if those
	  entropy sources do not deliver sufficient entropy during
	  first request, the reseed must be triggered from user
	  space or kernel space when sufficient entropy is considered
	  to be present.

	  If unsure, say Y.

config LRNG_SCHED_ENTROPY_RATE
	int "Scheduler Entropy Source Entropy Rate"
	depends on LRNG_SCHED
	range 256 4294967295 if LRNG_SCHED_DFLT_TIMER_ES
	range 4294967295 4294967295 if !LRNG_SCHED_DFLT_TIMER_ES
	default 256 if LRNG_SCHED_DFLT_TIMER_ES
	default 4294967295 if !LRNG_SCHED_DFLT_TIMER_ES
	help
	  The LRNG will collect the configured number of context switches
	  triggered by the scheduler to obtain 256 bits of entropy. This
	  value can be set to any between 256 and 4294967295. The LRNG
	  guarantees that this value is not lower than 256. This lower
	  limit implies that one interrupt event is credited with one bit
	  of entropy. This value is subject to the increase by the
	  oversampling factor, if no high-resolution timer is found.

	  In order to effectively disable the scheduler entropy source,
	  the option has to be set to 4294967295. In this case, the
	  scheduler entropy source will still deliver data but without
	  being credited with entropy.

comment "Kernel RNG Entropy Source"

config LRNG_KERNEL_RNG
	bool "Enable Kernel RNG as LRNG Seed Source"
	depends on RANDOM_DEFAULT_IMPL
	help
	  The LRNG may use the kernel RNG (random.c) as entropy
	  source.

config LRNG_KERNEL_RNG_ENTROPY_RATE
	int "Kernel RNG Entropy Source Entropy Rate"
	depends on LRNG_KERNEL_RNG
	range 0 256
	default 256
	help
	  The option defines the amount of entropy the LRNG applies to 256
	  bits of data obtained from the kernel RNG entropy source. The
	  LRNG enforces the limit that this value must be in the range
	  between 0 and 256.

	  When configuring this value to 0, the kernel RNG entropy source
	  will provide 256 bits of data without being credited to contain
	  entropy.

	  Note: This value is set to 0 automatically when booting the
	  kernel in FIPS mode (with fips=1 kernel command line option).
	  This is due to the fact that random.c is not SP800-90B
	  compliant.

endmenu # "Entropy Source Configuration"

config LRNG_DRNG_CHACHA20
	tristate

config LRNG_DRBG
	tristate
	depends on CRYPTO
	select CRYPTO_DRBG_MENU

config LRNG_DRNG_KCAPI
	tristate
	depends on CRYPTO
	select CRYPTO_RNG

config LRNG_SWITCH
	bool

menuconfig LRNG_SWITCH_HASH
	bool "Support conditioning hash runtime switching"
	select LRNG_SWITCH
	help
	  The LRNG uses a default message digest. With this
	  configuration option other message digests can be selected
	  and loaded at runtime.

if LRNG_SWITCH_HASH

config LRNG_HASH_KCAPI
	tristate "Kernel crypto API hashing support for LRNG"
	select CRYPTO_HASH
	select CRYPTO_SHA512
	help
	  Enable the kernel crypto API support for entropy compression
	  and conditioning functions.

endif # LRNG_SWITCH_HASH

menuconfig LRNG_SWITCH_DRNG
	bool "Support DRNG runtime switching"
	select LRNG_SWITCH
	help
	  The LRNG uses a default DRNG With this configuration
	  option other DRNGs or message digests can be selected and
	  loaded at runtime.

if LRNG_SWITCH_DRNG

config LRNG_SWITCH_DRNG_CHACHA20
	tristate "ChaCha20-based DRNG support for LRNG"
	depends on !LRNG_DFLT_DRNG_CHACHA20
	select LRNG_DRNG_CHACHA20
	help
	  Enable the ChaCha20-based DRNG. This DRNG implementation
	  does not depend on the kernel crypto API presence.

config LRNG_SWITCH_DRBG
	tristate "SP800-90A support for the LRNG"
	depends on !LRNG_DFLT_DRNG_DRBG
	select LRNG_DRBG
	help
	  Enable the SP800-90A DRBG support for the LRNG. Once the
	  module is loaded, output from /dev/random, /dev/urandom,
	  getrandom(2), or get_random_bytes_full is provided by a DRBG.

config LRNG_SWITCH_DRNG_KCAPI
	tristate "Kernel Crypto API support for the LRNG"
	depends on !LRNG_DFLT_DRNG_KCAPI
	depends on !LRNG_SWITCH_DRBG
	select LRNG_DRNG_KCAPI
	help
	  Enable the support for generic pseudo-random number
	  generators offered by the kernel crypto API with the
	  LRNG. Once the module is loaded, output from /dev/random,
	  /dev/urandom, getrandom(2), or get_random_bytes is
	  provided by the selected kernel crypto API RNG.

endif # LRNG_SWITCH_DRNG

choice
	prompt "LRNG Default DRNG"
	default LRNG_DFLT_DRNG_CHACHA20
	help
	  Select the default deterministic random number generator
	  that is used by the LRNG. When enabling the switchable
	  cryptographic mechanism support, this DRNG can be
	  replaced at runtime.

	config LRNG_DFLT_DRNG_CHACHA20
		bool "ChaCha20-based DRNG"
		select LRNG_DRNG_CHACHA20

	config LRNG_DFLT_DRNG_DRBG
		depends on RANDOM_DEFAULT_IMPL
		bool "SP800-90A DRBG"
		select LRNG_DRBG

	config LRNG_DFLT_DRNG_KCAPI
		depends on RANDOM_DEFAULT_IMPL
		bool "Kernel Crypto API DRNG"
		select LRNG_DRNG_KCAPI
endchoice

menuconfig LRNG_TESTING_MENU
	bool "LRNG testing interfaces"
	depends on DEBUG_FS
	help
	  Enable one or more of the following test interfaces.

	  If unsure, say N.

if LRNG_TESTING_MENU

config LRNG_TESTING
	bool

config LRNG_TESTING_RECORDING
	bool

comment "Interrupt Entropy Source Test Interfaces"

config LRNG_RAW_HIRES_ENTROPY
	bool "Interface to obtain raw unprocessed IRQ noise source data"
	default y
	depends on LRNG_IRQ
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned high resolution time stamp noise that
	  is collected by the LRNG for statistical analysis. Extracted
	  noise data is not used to seed the LRNG.

	  The raw noise data can be obtained using the lrng_raw_hires
	  debugfs file. Using the option lrng_testing.boot_raw_hires_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_RAW_JIFFIES_ENTROPY
	bool "Entropy test interface to Jiffies of IRQ noise source"
	depends on LRNG_IRQ
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned Jiffies that is collected by
	  the LRNG for statistical analysis. This data is used for
	  seeding the LRNG if a high-resolution time stamp is not
	  available. If a high-resolution time stamp is detected,
	  the Jiffies value is not collected by the LRNG and no
	  data is provided via the test interface. Extracted noise
	  data is not used to seed the random number generator.

	  The raw noise data can be obtained using the lrng_raw_jiffies
	  debugfs file. Using the option lrng_testing.boot_raw_jiffies_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_RAW_IRQ_ENTROPY
	bool "Entropy test interface to IRQ number noise source"
	depends on LRNG_IRQ
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned interrupt number that is collected by
	  the LRNG for statistical analysis. Extracted noise data is
	  not used to seed the random number generator.

	  The raw noise data can be obtained using the lrng_raw_irq
	  debugfs file. Using the option lrng_testing.boot_raw_irq_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_RAW_RETIP_ENTROPY
	bool "Entropy test interface to RETIP value of IRQ noise source"
	depends on LRNG_IRQ
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned return instruction pointer value
	  that is collected by the LRNG for statistical analysis.
	  Extracted noise data is not used to seed the random number
	  generator.

	  The raw noise data can be obtained using the lrng_raw_retip
	  debugfs file. Using the option lrng_testing.boot_raw_retip_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_RAW_REGS_ENTROPY
	bool "Entropy test interface to IRQ register value noise source"
	depends on LRNG_IRQ
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned interrupt register value that is
	  collected by the LRNG for statistical analysis. Extracted noise
	  data is not used to seed the random number generator.

	  The raw noise data can be obtained using the lrng_raw_regs
	  debugfs file. Using the option lrng_testing.boot_raw_regs_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_RAW_ARRAY
	bool "Test interface to LRNG raw entropy IRQ storage array"
	depends on LRNG_IRQ
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw noise data that is collected by the LRNG
	  in the per-CPU array for statistical analysis. The purpose
	  of this interface is to verify that the array handling code
	  truly only concatenates data and provides the same entropy
	  rate as the raw unconditioned noise source when assessing
	  the collected data byte-wise.

	  The data can be obtained using the lrng_raw_array debugfs
	  file. Using the option lrng_testing.boot_raw_array=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_IRQ_PERF
	bool "LRNG interrupt entropy source performance monitor"
	depends on LRNG_IRQ
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  With this option, the performance monitor of the LRNG
	  interrupt handling code is enabled. The file provides
	  the execution time of the interrupt handler in
	  cycles.

	  The interrupt performance data can be obtained using
	  the lrng_irq_perf debugfs file. Using the option
	  lrng_testing.boot_irq_perf=1 the performance data of
	  the first 1000 entropy events since boot can be sampled.

comment "Scheduler Entropy Source Test Interfaces"

config LRNG_RAW_SCHED_HIRES_ENTROPY
	bool "Interface to obtain raw unprocessed scheduler noise source data"
	depends on LRNG_SCHED
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned high resolution time stamp noise that
	  is collected by the LRNG for the Scheduler-based noise source
	  for statistical analysis. Extracted  noise data is not used to
	  seed the LRNG.

	  The raw noise data can be obtained using the lrng_raw_sched_hires
	  debugfs file. Using the option
	  lrng_testing.boot_raw_sched_hires_test=1 the raw noise of the
	  first 1000 entropy events since boot can be sampled.

config LRNG_RAW_SCHED_PID_ENTROPY
	bool "Entropy test interface to PID value"
	depends on LRNG_SCHED
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned PID value that is collected by the
	  LRNG for statistical analysis. Extracted noise
	  data is not used to seed the random number generator.

	  The raw noise data can be obtained using the
	  lrng_raw_sched_pid debugfs file. Using the option
	  lrng_testing.boot_raw_sched_pid_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_RAW_SCHED_START_TIME_ENTROPY
	bool "Entropy test interface to task start time value"
	depends on LRNG_SCHED
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned task start time value that is collected
	  by the LRNG for statistical analysis. Extracted noise
	  data is not used to seed the random number generator.

	  The raw noise data can be obtained using the
	  lrng_raw_sched_starttime debugfs file. Using the option
	  lrng_testing.boot_raw_sched_starttime_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.


config LRNG_RAW_SCHED_NVCSW_ENTROPY
	bool "Entropy test interface to task context switch numbers"
	depends on LRNG_SCHED
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned task numbers of context switches that
	  are collected by the LRNG for statistical analysis. Extracted
	  noise data is not used to seed the random number generator.

	  The raw noise data can be obtained using the
	  lrng_raw_sched_nvcsw debugfs file. Using the option
	  lrng_testing.boot_raw_sched_nvcsw_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_SCHED_PERF
	bool "LRNG scheduler entropy source performance monitor"
	depends on LRNG_SCHED
	select LRNG_TESTING
	select LRNG_TESTING_RECORDING
	help
	  With this option, the performance monitor of the LRNG
	  scheduler event handling code is enabled. The file provides
	  the execution time of the interrupt handler in cycles.

	  The scheduler performance data can be obtained using
	  the lrng_sched_perf debugfs file. Using the option
	  lrng_testing.boot_sched_perf=1 the performance data of
	  the first 1000 entropy events since boot can be sampled.

comment "Auxiliary Test Interfaces"

config LRNG_ACVT_HASH
	bool "Enable LRNG ACVT Hash interface"
	select LRNG_TESTING
	help
	  With this option, the LRNG built-in hash function used for
	  auxiliary pool management and prior to switching the
	  cryptographic backends is made available for ACVT. The
	  interface allows writing of the data to be hashed
	  into the interface. The read operation triggers the hash
	  operation to generate message digest.

	  The ACVT interface is available with the lrng_acvt_hash
	  debugfs file.

config LRNG_RUNTIME_MAX_WO_RESEED_CONFIG
	bool "Enable runtime configuration of max reseed threshold"
	help
	  When enabling this option, the LRNG provides an interface
	  allowing the setting of the maximum number of DRNG generate
	  operations without a reseed that has full entropy. The
	  interface is lrng_drng.max_wo_reseed.

config LRNG_RUNTIME_FORCE_SEEDING_DISABLE
	bool "Enable runtime configuration of force seeding"
	help
	  When enabling this option, the LRNG provides an interface
	  allowing the disabling of the force seeding when the DRNG
	  is not fully seeded but entropy is available.

config LRNG_TEST_CPU_ES_COMPRESSION
	bool "Force CPU ES compression operation"
	help
	  When enabling this option, the CPU ES compression operation
	  is forced by setting an arbitrary value > 1 for the data
	  multiplier even when the CPU ES would deliver full entropy.
	  This allows testing of the compression operation. It
	  therefore forces to pull more data from the CPU ES
	  than what may be required.

endif #LRNG_TESTING_MENU

config LRNG_SELFTEST
	bool "Enable power-on and on-demand self-tests"
	help
	  The power-on self-tests are executed during boot time
	  covering the ChaCha20 DRNG, the hash operation used for
	  processing the entropy pools and the auxiliary pool, and
	  the time stamp management of the LRNG.

	  The on-demand self-tests are triggered by writing any
	  value into the SysFS file selftest_status. At the same
	  time, when reading this file, the test status is
	  returned. A zero indicates that all tests were executed
	  successfully.

	  If unsure, say Y.

if LRNG_SELFTEST

config LRNG_SELFTEST_PANIC
	bool "Panic the kernel upon self-test failure"
	help
	  If the option is enabled, the kernel is terminated if an
	  LRNG power-on self-test failure is detected.

endif # LRNG_SELFTEST

endif # LRNG

endmenu # LRNG