Linux Security Summit 2021

A new approach for providing a /dev/random implementation is publicly available with the LRNG implementation and sent to the Linux kernel community for review. This new implementation provides the following benefits: * Sole use of contemporary cryptographic algorithms for data processing * Significant performance gains in performance critical interrupt handler * Availability of test interfaces allowing all execution steps to be validated including extracting of raw noise for entropy assessments * Flexible configuration including runtime-replacement of cryptographic components for crypto-agility * Clean design of combining multiple entropy sources With its API and ABI compliant interfaces to the existing /dev/random implementation the LRNG can be used as a drop-in replacement. The presentation is intended to introduce the different aspects of the LRNG and explain how the LRNG integrates with the Linux kernel. The goal is to allow peer kernel developers to understand the LRNG. The presentation also provides suggestions on how the LRNG may be integrated into the mainline kernel.