Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 9 Nov 2015 21:09:22 +0000
From: Jason Cooper <>
To: Theodore Tso <>
Cc:, Emese Revfy <>,
	Kees Cook <>, PaX Team <>,
	Brad Spengler <>,
	Greg KH <>,
	Josh Triplett <>
Subject: Re: Re: Proposal for kernel self protection

On Mon, Nov 09, 2015 at 02:11:35PM -0500, Theodore Tso wrote:
> On Mon, Nov 9, 2015 at 2:02 PM, Jason Cooper <
>> wrote:
> > /var/lib/misc/random-seed has served that role for years, I'm only
> > advocating loading it earlier in the boot process.  It's *much* harder
> > to guess the state of random-seed than the dtb or mac address(es)...
> >
> If the bootloader is willing to reach into the file system, which means (a)
> having a minimal file system layer, like Grub does, and (b) can find the
> block device where the file is found, that's a perfectly *fine*
> implementation.    I'm not sure mobile handset vendors will be all that
> psyched into either using or replicating all of Grub's functionality so it
> could do that, though....

Well, That's why I referred to reading from /boot or from a flash
partition.  Existing bootloaders in the field already have that
capability.  That's how they load the kernel.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.