Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20151109190224.GD20491@io.lakedaemon.net>
Date: Mon, 9 Nov 2015 19:02:24 +0000
From: Jason Cooper <kernel-hardening@...edaemon.net>
To: kernel-hardening@...ts.openwall.com
Cc: Emese Revfy <re.emese@...il.com>, Kees Cook <keescook@...omium.org>,
	PaX Team <pageexec@...email.hu>,
	Brad Spengler <spender@...ecurity.net>,
	Greg KH <gregkh@...uxfoundation.org>,
	Theodore Tso <tytso@...gle.com>,
	Josh Triplett <josh@...htriplett.org>
Subject: Re: Re: Proposal for kernel self protection
 features

Hey Valdis,

On Mon, Nov 09, 2015 at 01:57:57PM -0500, Valdis.Kletnieks@...edu wrote:
> On Mon, 09 Nov 2015 18:28:32 +0000, Jason Cooper said:
> > I had a proposal a while back (can't find atm, sorry) to have the
> > bootloader load the random-seed into RAM ...
> 
> It's *easy* to come up with an API to hand the kernel 64 or 128 bits of
> random to kick things off.
> 
> The *hard* part is finding 64 or so bits of trustable random to hand to
> the kernel....

/var/lib/misc/random-seed has served that role for years, I'm only
advocating loading it earlier in the boot process.  It's *much* harder
to guess the state of random-seed than the dtb or mac address(es)...

thx,

Jason.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.