The change
It was decided to set two security-related kernel configuration directives to Y by default, specifically, RANDOM_TRUST_CPU and RANDOM_TRUST_BOOTLOADER. Let's see what they are used for.
In CPU we trust?
There is a well-known problem with constructing good random number generator: to produce fast and reliable random numbers, you need to "seed" it with another and better random number. Chicken and egg problem. Luckily, CPU and firmware manufacturers can provide some initial random data to the operating system during boot time. This data will never be used directly, rather it is passed to hash function and mixed into the "input pool", thus improving the level of randomness of the whole system. Intel and AMD CPUs has this well-known RDRAND instruction. RANDOM_TRUST_CPU kernel build option indicates if the kernel will try to seed its random number generator using the CPU-provided random value. Similarly, UEFI has special memory regions, EFI tables, that store important system attributes, and 64-bit random seed is one of them. RANDOM_TRUST_BOOTLOADER controls whether the kernel uses this EFI-supplied number as well. Finally, the bootloader can also supply a random seed to the kernel via a device tree structure (FDT, Flattened Device Tree) - this is also controlled by the latter configuration option.
In versions prior 5.18.6, kernels did not use CPU and EFI/bootloader random seed, if not stated explicitly in the kernel command line. Now, this behavior is in effect by default.
Useful Links