Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 9 Nov 2015 19:02:24 +0000
From: Jason Cooper <>
Cc: Emese Revfy <>, Kees Cook <>,
	PaX Team <>,
	Brad Spengler <>,
	Greg KH <>,
	Theodore Tso <>,
	Josh Triplett <>
Subject: Re: Re: Proposal for kernel self protection

Hey Valdis,

On Mon, Nov 09, 2015 at 01:57:57PM -0500, wrote:
> On Mon, 09 Nov 2015 18:28:32 +0000, Jason Cooper said:
> > I had a proposal a while back (can't find atm, sorry) to have the
> > bootloader load the random-seed into RAM ...
> It's *easy* to come up with an API to hand the kernel 64 or 128 bits of
> random to kick things off.
> The *hard* part is finding 64 or so bits of trustable random to hand to
> the kernel....

/var/lib/misc/random-seed has served that role for years, I'm only
advocating loading it earlier in the boot process.  It's *much* harder
to guess the state of random-seed than the dtb or mac address(es)...



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.