Date: Mon, 9 Nov 2015 14:11:35 -0500 From: Theodore Tso <tytso@...gle.com> To: Jason Cooper <kernel-hardening@...edaemon.net> Cc: kernel-hardening@...ts.openwall.com, Emese Revfy <re.emese@...il.com>, Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Greg KH <gregkh@...uxfoundation.org>, Josh Triplett <josh@...htriplett.org> Subject: Re: Re: Proposal for kernel self protection features On Mon, Nov 9, 2015 at 2:02 PM, Jason Cooper < kernel-hardening@...edaemon.net> wrote: > /var/lib/misc/random-seed has served that role for years, I'm only > advocating loading it earlier in the boot process. It's *much* harder > to guess the state of random-seed than the dtb or mac address(es)... > If the bootloader is willing to reach into the file system, which means (a) having a minimal file system layer, like Grub does, and (b) can find the block device where the file is found, that's a perfectly *fine* implementation. I'm not sure mobile handset vendors will be all that psyched into either using or replicating all of Grub's functionality so it could do that, though.... -- Ted Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.