Date: Mon, 9 Nov 2015 21:09:22 +0000 From: Jason Cooper <kernel-hardening@...edaemon.net> To: Theodore Tso <tytso@...gle.com> Cc: kernel-hardening@...ts.openwall.com, Emese Revfy <re.emese@...il.com>, Kees Cook <keescook@...omium.org>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, Greg KH <gregkh@...uxfoundation.org>, Josh Triplett <josh@...htriplett.org> Subject: Re: Re: Proposal for kernel self protection features On Mon, Nov 09, 2015 at 02:11:35PM -0500, Theodore Tso wrote: > On Mon, Nov 9, 2015 at 2:02 PM, Jason Cooper < > kernel-hardening@...edaemon.net> wrote: > > > /var/lib/misc/random-seed has served that role for years, I'm only > > advocating loading it earlier in the boot process. It's *much* harder > > to guess the state of random-seed than the dtb or mac address(es)... > > > > If the bootloader is willing to reach into the file system, which means (a) > having a minimal file system layer, like Grub does, and (b) can find the > block device where the file is found, that's a perfectly *fine* > implementation. I'm not sure mobile handset vendors will be all that > psyched into either using or replicating all of Grub's functionality so it > could do that, though.... Well, That's why I referred to reading from /boot or from a flash partition. Existing bootloaders in the field already have that capability. That's how they load the kernel. thx, Jason.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.