Re: kaslr: better rng

To: matthew green <mrg%eterna.com.au@localhost>
Subject: Re: kaslr: better rng
From: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Date: Mon, 6 Nov 2017 21:21:12 +0000

> Date: Tue, 07 Nov 2017 07:57:58 +1100
> from: matthew green <mrg%eterna.com.au@localhost>
> 
> > Well, we could indeed extend /var/db/entropy-file. However, I would really
> > prefer the random area to be generated from a previous run of the system, and
> > not from the bootloader taking a seed in the file. Unless there is a
> > combination of both?
> 
> it would be nice if the lack of this file wasn't a major problem
> and that, eg, if rdrand was available it would be used as a seed
> instead/additionally
> 
> the two cases i see this regularly are pxe booted systems and in
> the installer, both a fairly important cases so i think supporting
> them as well would be worthwhile.

Yes -- we should hash together the file and cpu_rng.

References:
- re: kaslr: better rng
  - From: matthew green

Prev by Date: re: kaslr: better rng
Next by Date: Re: kaslr: better rng
Previous by Thread: re: kaslr: better rng
Indexes:

Home | Main Index | Thread Index | Old Index