I proposed a solution where you could specify this via a boot-command line option, and/or a default specified by a compile-time kernel config option. That got rejected because most users wouldn't be able to find the tuning knob, and most distros wouldn't want the reputational/liability risk of "insecure by default", and from Linus's perspective, confused users seeing their system block on boot and then e-mailing Linus == BAD.
As far as whether it might be simpler to attack the CRNG, please see https://factorable.net/ where a researcher found that at one point 10% of all publicly reachable internet sites had insecure SSH keys due to weaknesses in Linux's random number generator. Granted, these were mostly end users' home routers (many of which had open ssh ports in the day), and most servers on x86 wouldn't have been nearly as vulnerable. But the "Mining your p's and q's" paper is one of the key reasons why I remain very conservative about Linus's random driver to this day. I got the pre-publication notification on July 3rd, and I spent all day on July 4th on top of the Boston Science Museum's parking garage with a laptop, frantically trying to come up with a good fix to the problem while my very patient and accommodating girlfriend and I were waiting for the Boston Pops Fireworks show in the evening.... This is not the kind of thing one wants to do again!
I’d definitely prefer a build-level option. Some of us are working with some internal systems that haven’t (yet) been embraced by the loving arms of automation.