linux: Select `RANDOM_TRUST_CPU`

[pmenzel]

On the fast booting systems, there is not enough entropy in the beginning.

Dec 19 12:52:52 hypnotoad.molgen.mpg.de kernel: random: systemd-random-: uninitialized urandom read (512 bytes read)
Dec 19 12:52:53 hypnotoad.molgen.mpg.de kernel: random: tune3ware.pl: uninitialized urandom read (4 bytes read)
Dec 19 12:52:53 hypnotoad.molgen.mpg.de kernel: random: hostconfig: uninitialized urandom read (4 bytes read)
Dec 19 12:52:53 hypnotoad.molgen.mpg.de kernel: random: make-automaps: uninitialized urandom read (4 bytes read)
Dec 19 12:52:53 hypnotoad.molgen.mpg.de kernel: random: 5 urandom warning(s) missed due to ratelimiting

Should we trust the CPU manufacturers?

        random.trust_cpu={on,off}
                        [KNL] Enable or disable trusting the use of the
                        CPU's random number generator (if available) to
                        fully seed the kernel's CRNG. Default is controlled
                        by CONFIG_RANDOM_TRUST_CPU.

config RANDOM_TRUST_CPU
        bool "Trust the CPU manufacturer to initialize Linux's CRNG"
        depends on X86 || S390 || PPC
        default n
        help
        Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or
        RDRAND, IBM for the S390 and Power PC architectures) is trustworthy
        for the purposes of initializing Linux's CRNG.  Since this is not
        something that can be independently audited, this amounts to trusting
        that CPU manufacturer (perhaps with the insistence or mandate
        of a Nation State's intelligence or law enforcement agencies)
        has not installed a hidden back door to compromise the CPU's
        random number generation facilities. This can also be configured
        at boot with "random.trust_cpu=on/off".

deinemuddah:~> grep TRUST_CPU /boot/config-*
/boot/config-4.19.19.mx64.244:# CONFIG_RANDOM_TRUST_CPU is not set
/boot/config-4.19.40.mx64.262:# CONFIG_RANDOM_TRUST_CPU is not set
/boot/config-4.19.52.mx64.272:# CONFIG_RANDOM_TRUST_CPU is not set
/boot/config-4.19.56.mx64.274:# CONFIG_RANDOM_TRUST_CPU is not set
/boot/config-4.19.57.mx64.276:# CONFIG_RANDOM_TRUST_CPU is not set
/boot/config-4.19.57.mx64.282:# CONFIG_RANDOM_TRUST_CPU is not set
/boot/config-4.19.57.mx64.286:# CONFIG_RANDOM_TRUST_CPU is not set
/boot/config-5.4.5.mx64.305:# CONFIG_RANDOM_TRUST_CPU is not set

[donald]

I think we can switch that on.