WiP: config/coreboot* : activate trust_cpu, let system defined proper…

… jitter entropy but set settings for high mem

- jitterentropy_rng.kcapi=1 was missing to activate jitter
- random.trust_cpu=1 is needed so the kernel trusts the CPU's hardware random number generator and use it as one of the sources of entropy for its pseudo-random number generator.
- kernel.jitterentropy.ll and kernel.jitterentropy.ml  The default values are 0 and 0, which means that the jitterentropy library will use a variable number of loop iterations based on the CPU speed.
- kernel.jitterentropy.bs and kernel.jitterentropy.bc to use more RAM in the memory access loop. The default values are 64 and 16, which means that the memory access loop will use a buffer size of 64 bytes and a cache line size of 16 bytes. However, you can set them to larger values, such as 256 and 64, or even higher, such as 1024 and 256. This will make the memory access loop consume more memory, but may also generate more noise and entropy
- kernel.jitterentropy.bs and kernel.jitterentropy.bc to use more RAM in the memory access loop. The default values are 64 and 16, which means that the memory access loop will use a buffer size of 64 bytes and a cache line size of 16 bytes. However, setting them to larger values, such as 256 and 64, or even higher, such as 1024 and 256 will make the memory access loop consume more memory, but may also generate more noise and entropy

Test guidelines:
- To see the test points for jitter, you can run `dmesg | grep -i jitter`. You should see something like this:

```
[    0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1
[    0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[    0.000000] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[    0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
...
[    3.123456] jitterentropy_rng: Jitter RNG initialized with kcapi hash ¹
...
```

This shows that the jitter entropy generator is enabled and initialized with the kcapi hash option, which uses the kernel crypto API to perform the hashing operation ². The jitter entropy generator will inject entropy into the kernel's random pool using the RNDADDENTROPY ioctl ³.

- To see the test points for cpu extension, you can run `dmesg | grep -i rdrand`. You should see something like this:

```
[    0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1
[    0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[    0.000000] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[    0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
...
[    3.456789] random: crng done (trusting CPU's manufacturer) ⁴
...
```

This shows that the rdrand instruction is enabled and trusted as a source of entropy for the kernel's PRNG . The kernel will use rdrand to improve the entropy of its PRNG, by xor'ing the values received from rdrand with other sources of randomness .

- To see the test points for tpm, you can run `dmesg | grep -i tpm`. You should see something like this:

```
[    0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1
[    0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1
[    0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[    0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[    0.000000] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
[    0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format.
...
[    3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xfed40000-0xfed4087f flags 0x200] vs fed40080 f80
[    3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xfed40000-0xfed4087f flags 0x200] vs fed40080 f80
[    3.789012] tpm_tis MSFT0101:00: TPM2 command buffer too small! Adjusting to minimum size
[    3.789012] tpm_tis MSFT0101:00: TPM2 command buffer too small! Adjusting to minimum size
[    3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: TPM interrupt not working, polling instead
[    3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: TPM interrupt not working, polling instead
...
```

This shows that the tpm device is detected and initialized by the kernel, but with some firmware bugs that affect its functionality . The tpm device can provide random numbers through its Get Random command . The kernel can use the tpm device as an entropy source for its PRNG, by reading from /dev/tpm0 or /dev/tpmrm0 .

config/coreboot-kgpe-d16_server-whiptail.config

@@ -169,7 +169,7 @@ CONFIG_HEAP_SIZE=0xc0000
 # CONFIG_CONSOLE_POST is not set
 CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
-CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_2048=y
 # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_128 is not set

config/coreboot-kgpe-d16_server.config

@@ -169,7 +169,7 @@ CONFIG_HEAP_SIZE=0xc0000
 # CONFIG_CONSOLE_POST is not set
 CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
-CONFIG_LINUX_COMMAND_LINE="nohz=on console=ttyS1,115200n8 earlyprintk=ttyS1,115200 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="nohz=on console=ttyS1,115200n8 earlyprintk=ttyS1,115200 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_2048=y
 # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_128 is not set

config/coreboot-kgpe-d16_workstation-usb_keyboard.config

@@ -169,7 +169,7 @@ CONFIG_HEAP_SIZE=0xc0000
 # CONFIG_CONSOLE_POST is not set
 CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
-CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_2048=y
 # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_128 is not set

config/coreboot-kgpe-d16_workstation.config

@@ -169,7 +169,7 @@ CONFIG_HEAP_SIZE=0xc0000
 # CONFIG_CONSOLE_POST is not set
 CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
-CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_2048=y
 # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_128 is not set

config/coreboot-librem_13v2.config

@@ -10,5 +10,5 @@ CONFIG_NO_GFX_INIT=y
 CONFIG_TPM_MEASURED_BOOT=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
-CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"

config/coreboot-librem_13v4.config

@@ -10,5 +10,5 @@ CONFIG_NO_GFX_INIT=y
 CONFIG_TPM_MEASURED_BOOT=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
-CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"

config/coreboot-librem_14.config

@@ -11,5 +11,5 @@ CONFIG_TPM_MEASURED_BOOT=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_CBFS_SIZE=0xC00000

config/coreboot-librem_15v3.config

@@ -10,5 +10,5 @@ CONFIG_NO_GFX_INIT=y
 CONFIG_TPM_MEASURED_BOOT=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
-CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"

config/coreboot-librem_15v4.config

@@ -10,5 +10,5 @@ CONFIG_NO_GFX_INIT=y
 CONFIG_TPM_MEASURED_BOOT=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
-CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="iommu=pt quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"

config/coreboot-librem_l1um.config

@@ -23,4 +23,4 @@ CONFIG_NO_POST=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
-CONFIG_LINUX_COMMAND_LINE="quiet loglevel=3 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="quiet loglevel=3 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"

config/coreboot-librem_l1um_v2.config

@@ -6,7 +6,7 @@ CONFIG_ME_BIN_PATH="3rdparty/purism-blobs/mainboard/purism/librem_l1um_v2/me.bin
 CONFIG_HAVE_IFD_BIN=y
 CONFIG_BOARD_PURISM_LIBREM_L1UM_V2=y
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS=y
 CONFIG_CPU_UCODE_BINARIES="3rdparty/purism-blobs/mainboard/purism/librem_l1um_v2/cpu_microcode_blob.bin"
 CONFIG_HAVE_ME_BIN=y

config/coreboot-librem_mini.config

@@ -12,4 +12,4 @@ CONFIG_NO_GFX_INIT=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"

config/coreboot-librem_mini_v2.config

@@ -11,5 +11,5 @@ CONFIG_NO_GFX_INIT=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
 CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2 drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_CBFS_SIZE=0xC00000

config/coreboot-p8z77-m_pro-tpm1.config

@@ -196,7 +196,7 @@ CONFIG_DRIVERS_UART_8250IO=y
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=on intel_iommu=igfx_off nohz=off random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=on intel_iommu=igfx_off nohz=off random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-qemu-fbwhiptail-tpm1-hotp.config

@@ -5,7 +5,7 @@ CONFIG_CBFS_SIZE=0x980000
 # CONFIG_POST_DEVICE is not set
 CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
 # CONFIG_CONSOLE_SERIAL is not set
-CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_COREBOOT_ROMSIZE_KB_10240=y
 CONFIG_PCIEXP_ASPM=y
 CONFIG_PCIEXP_COMMON_CLOCK=y

config/coreboot-qemu-tpm1.config

@@ -149,7 +149,7 @@ CONFIG_DCACHE_BSP_STACK_SIZE=0x4000
 CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xb0000000
 CONFIG_ECAM_MMCONF_BUS_NUMBER=256
 CONFIG_MAX_ACPI_TABLE_SIZE_KB=224
-CONFIG_DRIVERS_INTEL_WIFI=y
+# CONFIG_DRIVERS_INTEL_WIFI is not set
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
 CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="QEMU x86 q35/ich9"
 CONFIG_PCIEXP_HOTPLUG_BUSES=32
@@ -163,7 +163,7 @@ CONFIG_DRIVERS_UART_8250IO=y
 CONFIG_HEAP_SIZE=0x8000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_2048=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
@@ -354,7 +354,7 @@ CONFIG_USE_DDR2=y
 #
 CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000
 CONFIG_TPM_INIT_RAMSTAGE=y
-# CONFIG_TPM_PPI is not set
+CONFIG_TPM_PPI=y
 CONFIG_DRIVERS_UART=y
 # CONFIG_DRIVERS_UART_OXPCIE is not set
 CONFIG_HAVE_USBDEBUG=y
@@ -379,7 +379,6 @@ CONFIG_MEMORY_MAPPED_TPM=y
 CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
 CONFIG_VGA=y
 # CONFIG_DRIVERS_SIL_3114 is not set
-CONFIG_DRIVERS_WIFI_GENERIC=y
 # end of Generic Drivers
 
 #

config/coreboot-qemu-tpm2.config

@@ -160,7 +160,7 @@ CONFIG_DRIVERS_UART_8250IO=y
 CONFIG_HEAP_SIZE=0x8000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_2048=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t420-maximized.config

@@ -204,7 +204,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t420.config

@@ -203,7 +203,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t430-legacy-flash.config

@@ -197,7 +197,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE=" random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE=" random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t430-legacy.config

@@ -202,7 +202,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t430-maximized.config

@@ -204,7 +204,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t440p.config

@@ -202,7 +202,7 @@ CONFIG_PCIEXP_CLK_PM=y
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t520-maximized.config

@@ -205,7 +205,7 @@ CONFIG_BOARD_LENOVO_BASEBOARD_T520=y
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 # CONFIG_TPM_MEASURED_BOOT is not set
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3 random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3 random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t530-dgpu-maximized.config

@@ -208,7 +208,7 @@ CONFIG_PRE_GRAPHICS_DELAY_MS=0
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t530-maximized.config

@@ -207,7 +207,7 @@ CONFIG_BOARD_LENOVO_BASEBOARD_T530=y
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-w530-dgpu-K1000m-maximized.config

@@ -208,7 +208,7 @@ CONFIG_PRE_GRAPHICS_DELAY_MS=0
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-w530-dgpu-K2000m-maximized.config

@@ -208,7 +208,7 @@ CONFIG_PRE_GRAPHICS_DELAY_MS=0
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-w530-maximized.config

@@ -207,7 +207,7 @@ CONFIG_BOARD_LENOVO_BASEBOARD_T530=y
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-x220-maximized.config

@@ -204,7 +204,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=0 kernel.jitterentropy.ll=10 kernel.jitterentropy.ml=10 kernel.jitterentropy.bs=64 kernel.jitterentropy.bc=16 rng_core.default_quality=1000"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet random.trust_cpu=1 jitterentropy_rng.kcapi=1 kernel.jitterentropy.bs=1024 kernel.jitterentropy.bc=256"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set