description / comments

debian/control

@@ -103,8 +103,12 @@ Description: enhances misc security settings
   * Load jitterentropy_rng kernel module.
   /usr/lib/modules-load.d/30_security-misc.conf
  .
-  * Distrusts the CPU for initial entropy at boot as it is
-  not possible to audit and may be backdoored. /etc/default/grub.d/40_distrust_cpu.cfg
+  * Distrusts the CPU for initial entropy at boot as it is not possible to
+  audit, may contain weaknesses or a backdoor.
+    * https://en.wikipedia.org/wiki/RDRAND#Reception
+    * https://twitter.com/pid_eins/status/1149649806056280069
+    * For more references, see:
+    * /etc/default/grub.d/40_distrust_cpu.cfg
  .
  Uncommon network protocols are blacklisted:
  These are rarely used and may have unknown vulnerabilities.

etc/default/grub.d/40_distrust_cpu.cfg

@@ -1,9 +1,11 @@
 ## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
 ## See the file COPYING for copying conditions.
 
-## Distrust the CPU for initial entropy as it is not possible to audit
-## and may have unknown backdoors.
+## Distrusts the CPU for initial entropy at boot as it is not possible to
+## audit, may contain weaknesses or a backdoor.
 ##
 ## https://en.wikipedia.org/wiki/RDRAND#Reception
-## https://forums.whonix.org/t/entropy-config-random-trust-cpu-yes-or-no-rng-core-default-quality/8566/
+## https://twitter.com/pid_eins/status/1149649806056280069
+## https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html
+## https://forums.whonix.org/t/entropy-config-random-trust-cpu-yes-or-no-rng-core-default-quality/8566
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_cpu=off"