Message-ID: <20151109200623.GA24788@cloud>
Date: Mon, 9 Nov 2015 12:06:23 -0800
From: Josh Triplett <josh@...htriplett.org>
To: Theodore Tso <tytso@...gle.com>
Cc: Jason Cooper <kernel-hardening@...edaemon.net>,
	kernel-hardening@...ts.openwall.com, Emese Revfy <re.emese@...il.com>,
	Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>,
	Brad Spengler <spender@...ecurity.net>,
	Greg KH <gregkh@...uxfoundation.org>
Subject: Re: Re: Proposal for kernel self protection features

On Mon, Nov 09, 2015 at 02:11:35PM -0500, Theodore Tso wrote:
> On Mon, Nov 9, 2015 at 2:02 PM, Jason Cooper <
> kernel-hardening@...edaemon.net> wrote:
>
> > /var/lib/misc/random-seed has served that role for years, I'm only
> > advocating loading it earlier in the boot process. It's *much* harder
> > to guess the state of random-seed than the dtb or mac address(es)...
> >
>
> If the bootloader is willing to reach into the file system, which means (a)
> having a minimal file system layer, like Grub does, and (b) can find the
> block device where the file is found, that's a perfectly *fine*
> implementation. I'm not sure mobile handset vendors will be all that
> psyched into either using or replicating all of Grub's functionality so it
> could do that, though....

How crazy would it be to append it to the end of the initramfs, as we've
started making possible for critical firmware/microcode/tables?

- Josh Triplett