From 0c25a96b59b5bb55c04c88015eb8b50d79815a23 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Tue, 3 Dec 2019 02:18:32 -0500
Subject: [PATCH] description / comments

---
 debian/control                         | 8 ++++++--
 etc/default/grub.d/40_distrust_cpu.cfg | 8 +++++---
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/debian/control b/debian/control
index ccdc21c..a464eaf 100644
--- a/debian/control
+++ b/debian/control
@@ -103,8 +103,12 @@ Description: enhances misc security settings
   * Load jitterentropy_rng kernel module.
   /usr/lib/modules-load.d/30_security-misc.conf
  .
-  * Distrusts the CPU for initial entropy at boot as it is
-  not possible to audit and may be backdoored. /etc/default/grub.d/40_distrust_cpu.cfg
+  * Distrusts the CPU for initial entropy at boot as it is not possible to
+  audit, may contain weaknesses or a backdoor.
+    * https://en.wikipedia.org/wiki/RDRAND#Reception
+    * https://twitter.com/pid_eins/status/1149649806056280069
+    * For more references, see:
+    * /etc/default/grub.d/40_distrust_cpu.cfg
  .
  Uncommon network protocols are blacklisted:
  These are rarely used and may have unknown vulnerabilities.
diff --git a/etc/default/grub.d/40_distrust_cpu.cfg b/etc/default/grub.d/40_distrust_cpu.cfg
index 4d001c2..f3f2fab 100644
--- a/etc/default/grub.d/40_distrust_cpu.cfg
+++ b/etc/default/grub.d/40_distrust_cpu.cfg
@@ -1,9 +1,11 @@
 ## Copyright (C) 2019 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
 ## See the file COPYING for copying conditions.
 
-## Distrust the CPU for initial entropy as it is not possible to audit
-## and may have unknown backdoors.
+## Distrusts the CPU for initial entropy at boot as it is not possible to
+## audit, may contain weaknesses or a backdoor.
 ##
 ## https://en.wikipedia.org/wiki/RDRAND#Reception
-## https://forums.whonix.org/t/entropy-config-random-trust-cpu-yes-or-no-rng-core-default-quality/8566/
+## https://twitter.com/pid_eins/status/1149649806056280069
+## https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html
+## https://forums.whonix.org/t/entropy-config-random-trust-cpu-yes-or-no-rng-core-default-quality/8566
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX random.trust_cpu=off"
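Review bot: The comment above `GRUB_CMDLINE_LINUX` explains why the CPU is distrusted but not what `random.trust_cpu=off` actually changes, so a reader can take it to mean that RDRAND is no longer used at all. As far as I know, the parameter only stops the kernel from crediting the CPU's RNG output as entropy when seeding the CRNG at boot, and that output is still mixed into the pool. I would add `## random.trust_cpu=off: CPU RNG output (e.g. RDRAND) is still mixed in, but not credited as entropy for early CRNG seeding.` If it holds for the supported kernels, a second line could note that CRNG initialisation may take longer on machines with few other entropy sources. The matching sentence in the debian/control hunk would benefit from the same precision.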