| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jKSk9910EiyR1q+UzPst_XeP5_Uyx7Wu3j4+Tnsha70qg@mail.gmail.com> Date: Thu, 23 Jun 2016 12:59:07 -0700 From: Kees Cook <keescook@...omium.org> To: Sandy Harris <sandyinchina@...il.com> Cc: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Thomas Garnier <thgarnie@...gle.com>, Ingo Molnar <mingo@...nel.org>, Andy Lutomirski <luto@...nel.org>, "x86@...nel.org" <x86@...nel.org>, Borislav Petkov <bp@...e.de>, Baoquan He <bhe@...hat.com>, Yinghai Lu <yinghai@...nel.org>, Juergen Gross <jgross@...e.com>, Matt Fleming <matt@...eblueprint.co.uk>, Toshi Kani <toshi.kani@....com>, Andrew Morton <akpm@...ux-foundation.org>, Dan Williams <dan.j.williams@...el.com>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Dave Hansen <dave.hansen@...ux.intel.com>, Xiao Guangrong <guangrong.xiao@...ux.intel.com>, Martin Schwidefsky <schwidefsky@...ibm.com>, "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, Alexander Kuleshov <kuleshovmail@...il.com>, Alexander Popov <alpopov@...ecurity.com>, Dave Young <dyoung@...hat.com>, Joerg Roedel <jroedel@...e.de>, Lv Zheng <lv.zheng@...el.com>, Mark Salter <msalter@...hat.com>, Dmitry Vyukov <dvyukov@...gle.com>, Stephen Smalley <sds@...ho.nsa.gov>, Boris Ostrovsky <boris.ostrovsky@...cle.com>, Christian Borntraeger <borntraeger@...ibm.com>, Jan Beulich <JBeulich@...e.com>, LKML <linux-kernel@...r.kernel.org>, Jonathan Corbet <corbet@....net>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org> Subject: Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR On Thu, Jun 23, 2016 at 12:45 PM, Sandy Harris <sandyinchina@...il.com> wrote: > Jason Cooper <jason@...edaemon.net> wrote: > >> Modern systems that receive a seed from the bootloader via the >> random-seed property (typically from the hw-rng) can mix both sources >> for increased resilience. >> >> Unfortunately, I'm not very familiar with the internals of x86 >> bootstrapping. Could GRUB be scripted to do a similar task? How would >> the address and size of the seed be passed to the kernel? command line? > > One suggestion is at: > http://www.av8n.com/computer/htm/secure-random.htm#sec-boot-image Interesting! This might pose a problem for signed images, though. (Actually, for signed arm kernels is the DT signed too? If so, it would be a similar problem.) -Kees -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists