# SPDX-License-Identifier: GPL-2.0
#
# Linux Random Number Generator configuration
#

menuconfig LRNG
	bool "Linux Random Number Generator"
	help
	  The Linux Random Number Generator (LRNG) is the replacement
	  of the existing /dev/random provided with drivers/char/random.c.
	  It generates entropy from different noise sources and
	  delivers significant entropy during boot.

if LRNG

choice
	prompt "LRNG Entropy Pool Size"
	default LRNG_POOL_SIZE_4096
	help
	  Select the size of the LRNG entropy pool. The size of the
	  entropy pool is relevant for the amount of entropy that
	  the LRNG can maintain as a maximum. The larger the size
	  of the entropy pool is the more entropy can be maintained
	  but the less often older entropic values are overwritten
	  with new entropy.

	config LRNG_POOL_SIZE_512
		bool "512 bits"

	config LRNG_POOL_SIZE_1024
		bool "1024 bits"

	config LRNG_POOL_SIZE_2048
		bool "2048 bits"

	config LRNG_POOL_SIZE_4096
		bool "4096 bits (default)"

	config LRNG_POOL_SIZE_8192
		bool "8192 bits"

	config LRNG_POOL_SIZE_16384
		bool "16384 bits"

	config LRNG_POOL_SIZE_32768
		bool "32768 bits"

	config LRNG_POOL_SIZE_65536
		bool "65536 bits"

	config LRNG_POOL_SIZE_131072
		bool "131072 bits"
endchoice

config LRNG_POOL_SIZE
	int
	default 0 if LRNG_POOL_SIZE_512
	default 1 if LRNG_POOL_SIZE_1024
	default 2 if LRNG_POOL_SIZE_2048
	default 3 if LRNG_POOL_SIZE_4096
	default 4 if LRNG_POOL_SIZE_8192
	default 5 if LRNG_POOL_SIZE_16384
	default 6 if LRNG_POOL_SIZE_32768
	default 7 if LRNG_POOL_SIZE_65536
	default 8 if LRNG_POOL_SIZE_131072

menuconfig LRNG_DRNG_SWITCH
	bool "Support DRNG runtime switching"
	help
	  The Linux RNG per default uses a ChaCha20 DRNG that is
	  accessible via the external interfaces. With this configuration
	  option other DRNGs can be selected and loaded at runtime.

if LRNG_DRNG_SWITCH
config LRNG_DRBG
	tristate "SP800-90A support for the LRNG"
	depends on CRYPTO
	select CRYPTO_DRBG_MENU
	select CRYPTO_CMAC if CRYPTO_DRBG_CTR
	help
	  Enable the SP800-90A DRBG support for the LRNG. Once the
	  module is loaded, output from /dev/random, /dev/urandom,
	  getrandom(2), or get_random_bytes is provided by a DRBG.

config LRNG_KCAPI
	tristate "Kernel Crypto API support for the LRNG"
	depends on CRYPTO
	select CRYPTO_RNG
	help
	  Enable the support for generic pseudo-random number
	  generators offered by the kernel crypto API with the
	  LRNG. Once the module is loaded, output from /dev/random,
	  /dev/urandom, getrandom(2), or get_random_bytes is
	  provided by the selected kernel crypto API RNG.
endif # LRNG_DRNG_SWITCH

config LRNG_JENT
	bool "Enable Jitter RNG as LRNG Seed Source"
	depends on CRYPTO
	select CRYPTO_JITTERENTROPY
	help
	  The Linux RNG may use the Jitter RNG as noise source. Enabling
	  this option enables the use of the Jitter RNG. Its default
	  entropy level is 16 bits of entropy per 256 data bits delivered
	  by the Jitter RNG. This entropy level can be changed at boot
	  time or at runtime with the lrng_base.jitterrng configuration
	  variable.

config LRNG_HEALTH_TESTS
	bool "Enable noise source online health tests"
	help
	  The online health tests validate the noise source at
	  runtime for fatal errors. These tests include SP800-90B
	  compliant tests which are invoked if the system is booted
	  with fips=1. In case of fatal errors during active
	  SP800-90B tests, the issue is logged and the noise
	  data is discarded. These tests are required for full
	  compliance with SP800-90B.

	  If unsure, say Y.

config LRNG_RCT_BROKEN
	bool "SP800-90B RCT with dangerous low cutoff value"
	depends on LRNG_HEALTH_TESTS
	depends on BROKEN
	default n
	help
	  This option enables a dangerously low SP800-90B repetitive
	  count test (RCT) cutoff value which makes it very likely
	  that the RCT is triggered to raise a self test failure.

	  This option is ONLY intended for developers wanting to
	  test the effectiveness of the SP800-90B RCT health test.

	  If unsure, say N.

config LRNG_APT_BROKEN
	bool "SP800-90B APT with dangerous low cutoff value"
	depends on LRNG_HEALTH_TESTS
	depends on BROKEN
	default n
	help
	  This option enables a dangerously low SP800-90B adaptive
	  proportion test (APT) cutoff value which makes it very
	  likely that the RCT is triggered to raise a self test
	  failure.

	  This option is ONLY intended for developers wanting to
	  test the effectiveness of the SP800-90B APT health test.

	  If unsure, say N.

# Default taken from SP800-90B sec 4.4.1 - significance level 2^-30
config LRNG_RCT_CUTOFF
	int
	default 31 if !LRNG_RCT_BROKEN
	default 1 if LRNG_RCT_BROKEN

# Default taken from SP800-90B sec 4.4.2 - significance level 2^-30
config LRNG_APT_CUTOFF
	int
	default 325 if !LRNG_APT_BROKEN
	default 32 if LRNG_APT_BROKEN

menuconfig LRNG_TESTING_MENU
	bool "LRNG testing interfaces"
	depends on DEBUG_FS
	help
	  Enable one or more of the following test interfaces.

	  If unsure, say N.

if LRNG_TESTING_MENU

config LRNG_RAW_ENTROPY
	bool "Enable entropy test interface to LRNG noise source"
	default y
	help
	  The test interface allows a privileged process to capture
	  the raw unconditioned noise that is collected by the LRNG
	  for statistical analysis. Extracted noise data is not used
	  to seed the LRNG.

	  The raw noise data can be obtained using the lrng_raw
	  debugfs file. Using the option lrng_testing.boot_test=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_RAW_ARRAY
	bool "Enable test interface to LRNG raw entropy storage array"
	help
	  The test interface allows a privileged process to capture
	  the raw noise data that is collected by the LRNG
	  in the per-CPU array for statistical analysis. The purpose
	  of this interface is to verify that the array handling code
	  truly only concatenates data and provides the same entropy
	  rate as the raw unconditioned noise source when assessing
	  the collected data byte-wise.

	  The data can be obtained using the lrng_raw_array debugfs
	  file. Using the option lrng_testing.boot_raw_array=1
	  the raw noise of the first 1000 entropy events since boot
	  can be sampled.

config LRNG_IRQ_PERF
	bool "Enable LRNG interrupt performance monitor"
	help
	  With this option, the performance monitor of the LRNG
	  interrupt handling code is enabled. The file provides
	  the execution time of the interrupt handler in
	  cycles.

	  The interrupt performance data can be obtained using
	  the lrng_irq_perf debugfs file. Using the option
	  lrng_testing.boot_irq_perf=1 the performance data of
	  the first 1000 entropy events since boot can be sampled.

config LRNG_TESTING
	bool
	default y if (LRNG_RAW_ENTROPY || LRNG_RAW_ARRAY || LRNG_IRQ_PERF)

endif #LRNG_TESTING_MENU

config LRNG_SELFTEST
	bool "Enable power-on and on-demand self-tests"
	help
	  The power-on self-tests are executed during boot time
	  covering the ChaCha20 DRNG, the LFSR processing and the
	  time stamp management of the LRNG.

	  The on-demand self-tests are triggered by writing any
	  value into the SysFS file selftest_status. At the same
	  time, when reading this file, the test status is
	  returned. A zero indicates that all tests were executed
	  successfully.

	  If unsure, say Y.

if LRNG_SELFTEST

config LRNG_SELFTEST_PANIC
	bool "Panic the kernel upon self-test failure"
	help
	  If the option is enabled, the kernel is terminated if an
	  LRNG power-on self-test failure is detected.

endif # LRNG_SELFTEST

endif # LRNG
