summary refs log tree commit diff
path: root/pkgs/os-specific/linux/kernel/common-config.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/kernel/common-config.nix')
-rw-r--r--pkgs/os-specific/linux/kernel/common-config.nix7
1 files changed, 7 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index fb583551f1b..1aedcdc7c0f 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -562,6 +562,13 @@ let
       KEYS_REQUEST_CACHE               = whenAtLeast "5.3" yes;
       # randomized slab caches
       RANDOM_KMALLOC_CACHES            = whenAtLeast "6.6" yes;
+
+      # NIST SP800-90A DRBG modes - enabled by most distributions
+      #   and required by some out-of-tree modules (ShuffleCake)
+      #   This does not include the NSA-backdoored Dual-EC mode from the same NIST publication.
+      CRYPTO_DRBG_HASH                 = yes;
+      CRYPTO_DRBG_CTR                  = yes;
+
     } // optionalAttrs stdenv.hostPlatform.isx86_64 {
       # Enable Intel SGX
       X86_SGX     = whenAtLeast "5.11" yes;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-29 19:25:42 +0000