Date: Wed, 16 Aug 2017 21:58:26 -0700 From: Kees Cook <keescook@...omium.org> To: Nick Kralevich <nnk@...gle.com> Cc: Laura Abbott <labbott@...hat.com>, Daniel Micay <danielmicay@...il.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, lkml <linux-kernel@...r.kernel.org>, Linux-MM <linux-mm@...ck.org>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: [PATCHv2 2/2] extract early boot entropy from the passed cmdline On Wed, Aug 16, 2017 at 9:56 PM, Nick Kralevich <nnk@...gle.com> wrote: > On Wed, Aug 16, 2017 at 3:46 PM, Laura Abbott <labbott@...hat.com> wrote: >> From: Daniel Micay <danielmicay@...il.com> >> >> Existing Android bootloaders usually pass data useful as early entropy >> on the kernel command-line. It may also be the case on other embedded >> systems. Sample command-line from a Google Pixel running CopperheadOS: >> > > Why is it better to put this into the kernel, rather than just rely on > the existing userspace functionality which does exactly the same > thing? This is what Android already does today: > https://android-review.googlesource.com/198113 That's too late for setting up the kernel stack canary, among other things. The kernel will also be generating some early secrets for slab cache canaries, etc. That all needs to happen well before init is started. -Kees -- Kees Cook Pixel Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.