[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20170730104453.GA15517@amd>
Date: Sun, 30 Jul 2017 12:44:53 +0200
From: Pavel Machek <pavel@....cz>
To: Theodore Ts'o <tytso@....edu>,
Sandy Harris <sandyinchina@...il.com>,
Stephan Müller <smueller@...onox.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Jason A. Donenfeld" <jason@...c4.com>,
Arnd Bergmann <arnd@...db.de>,
Linux Crypto Mailing List <linux-crypto@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH v12 3/4] Linux Random Number Generator
Hi!
On Tue 2017-07-18 21:51:33, Theodore Ts'o wrote:
> On Tue, Jul 18, 2017 at 09:00:10PM -0400, Sandy Harris wrote:
> > The only really good solution I know of is to find a way to provide a
> > chunk of randomness early in the boot process. John Denker has a good
> > discussion of doing this by modifying the kernel image & Ted talks of
> > doing it via the boot loader. Neither looks remarkably easy. Other
> > approaches like making the kernel read a seed file or passing a
> > parameter on the kernel command line have been suggested but, if I
> > recall right, rejected.
>
> It's actually not that _hard_ to modify the boot loader. It's not
> finicky work like, say, adding support for metadata checksums or xattr
> deduplication to ext4. It's actually mostly plumbing. It's just that
> we haven't found a lot of people willing to do it as paid work, and
> the hobbyists haven't been interested.
Modifying the boot loader sources is not hard, right.
Deploying the modified boot loader is another story; these are
bootloaders -- they normally don't need updating, so they are often
not easy to update, or maybe updating them is risky.
Anyway, if you want to pay for some bootloader modifications... I'm
working for a company that can help :-). (Sometimes I use
pavel@...x.de address.)
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists