Date: Fri, 05 Apr 2013 11:15:18 -0700 From: "H. Peter Anvin" <hpa@...or.com> To: Ingo Molnar <mingo@...nel.org> CC: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, x86@...nel.org, Jarkko Sakkinen <jarkko.sakkinen@...el.com>, Matthew Garrett <mjg@...hat.com>, Matt Fleming <matt.fleming@...el.com>, Eric Northup <digitaleric@...gle.com>, Dan Rosenberg <drosenberg@...curity.com>, Julien Tinnes <jln@...gle.com>, Will Drewry <wad@...omium.org>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [PATCH 1/3] x86: routines to choose random kernel base offset On 04/05/2013 12:36 AM, Ingo Molnar wrote: > > * Ingo Molnar <mingo@...nel.org> wrote: > >> >> * Kees Cook <keescook@...omium.org> wrote: >> >>> This provides routines for selecting a randomized kernel base offset, >>> bounded by e820 details. It tries to use RDRAND and falls back to RDTSC. >>> If "noaslr" is on the kernel command line, no offset will be used. >> >> Would it make sense to also add three other sources of entropy: > > In any case, would it be possible to also mix these bootup sources of > entropy into our regular random pool? > > That would improve random pool entropy on all Linux systems, not just > those that choose to enable kernel-base-address randomization. > I think we already do at least some of these, but at this point, for any non-RDRAND-capable hardware we could almost certainly do better for any definition of anything at all. RDRAND is obviously the ultimate solution here. -hpa
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.