-/* SPDX-License-Identifier: LGPL-2.1+ */
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>
#endif
#include "alloc-util.h"
+#include "env-util.h"
#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
#endif
have_rdrand = !!(ecx & bit_RDRND);
+
+ if (have_rdrand > 0) {
+ /* Allow disabling use of RDRAND with SYSTEMD_RDRAND=0
+ If it is unset getenv_bool_secure will return a negative value. */
+ if (getenv_bool_secure("SYSTEMD_RDRAND") == 0) {
+ have_rdrand = false;
+ return -EOPNOTSUPP;
+ }
+ }
}
if (have_rdrand == 0)