Date: Fri, 05 Apr 2013 11:15:18 -0700
From: "H. Peter Anvin"
To: Ingo Molnar
CC: Kees Cook, Thomas Gleixner, Ingo Molnar, Jarkko Sakkinen,
        Matthew Garrett, Matt Fleming, Eric Northup, Dan Rosenberg,
        Julien Tinnes, Will Drewry, Linus Torvalds
Subject: Re: [PATCH 1/3] x86: routines to choose random kernel base offset

On 04/05/2013 12:36 AM, Ingo Molnar wrote:
> * Ingo Molnar wrote:
>> * Kees Cook wrote:
>>> This provides routines for selecting a randomized kernel base offset, 
>>> bounded by e820 details. It tries to use RDRAND and falls back to RDTSC. 
>>> If "noaslr" is on the kernel command line, no offset will be used.
>> Would it make sense to also add three other sources of entropy:
> In any case, would it be possible to also mix these bootup sources of 
> entropy into our regular random pool?
> That would improve random pool entropy on all Linux systems, not just 
> those that choose to enable kernel-base-address randomization.

I think we already do at least some of these, but at this point, for any
non-RDRAND-capable hardware we could almost certainly do better for any
definition of anything at all.

RDRAND is obviously the ultimate solution here.

