| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Feb 2020 06:45:01 -0800
From: Mark Salyzyn <salyzyn@...roid.com>
To: linux-kernel@...r.kernel.org
Cc: kernel-team@...roid.com, Mark Salyzyn <salyzyn@...roid.com>
Subject: [PATCH 0/4 v2] random add rng-seed to command line option
A followup to commit 428826f5358c922dc378830a1717b682c0823160
("fdt: add support for rng-seed") to extend what was started
with Open Firmware (OF or Device Tree) parsing, but also add
it to the command line.
If CONFIG_RANDOM_TRUST_BOOTLOADER is set, then feed the rng-seed
command line option length as added trusted entropy.
Always erase all views of the rng-seed option, except early command
line parsing, to prevent leakage to applications or modules, to
eliminate any attack vector.
It is preferred to add rng-seed to the Device Tree, but some
platforms do not have this option, so this adds the ability to
provide some command-line-limited data to the entropy through this
alternate mechanism. Expect on average 6 bits of useful entropy
per character.
Mark Salyzyn (4):
init: move string constants to __initconst section
init: boot_command_line can be truncated
random: rng-seed source is utf-8
random: add rng-seed= command line option
---
v2
- Split into four bite sized patches.
- Correct spelling in commit message.
- rng-seed is assumed to be utf-8, so correct both to 6 bits/character
of collected entropy.
- Move entropy collection to a static __always_inline helper function.
drivers/char/random.c | 10 +++-
include/linux/random.h | 5 ++
init/main.c | 115 ++++++++++++++++++++++++++++++-----------
3 files changed, 100 insertions(+), 30 deletions(-)
--
2.25.0.341.g760bfbb309-goog
Powered by blists - more mailing lists