| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 Feb 2020 13:40:59 -0800
From: Randy Dunlap <rdunlap@...radead.org>
To: Mark Salyzyn <salyzyn@...roid.com>, linux-kernel@...r.kernel.org
Cc: kernel-team@...roid.com, Theodore Ts'o <tytso@....edu>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Richard Henderson <richard.henderson@...aro.org>,
Mark Brown <broonie@...nel.org>,
Kees Cook <keescook@...omium.org>,
Hsin-Yi Wang <hsinyi@...omium.org>,
Vasily Gorbik <gor@...ux.ibm.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
"Steven Rostedt (VMware)" <rostedt@...dmis.org>,
Mike Rapoport <rppt@...ux.ibm.com>,
Arvind Sankar <nivedita@...m.mit.edu>,
Dominik Brodowski <linux@...inikbrodowski.net>,
Thomas Gleixner <tglx@...utronix.de>,
Alexander Potapenko <glider@...gle.com>
Subject: Re: [PATCH 4/4 v2] random: add rng-seed= command line option
On 2/10/20 6:45 AM, Mark Salyzyn wrote:
> A followup to commit 428826f5358c922dc378830a1717b682c0823160
> ("fdt: add support for rng-seed") to extend what was started
> with Open Firmware (OF or Device Tree) parsing, but also add
> it to the command line.
>
> If CONFIG_RANDOM_TRUST_BOOTLOADER is set, then feed the rng-seed
> command line option length as added trusted entropy.
>
> Always erase view of the rng-seed option, except our early command
> line parsing, to prevent leakage to applications or modules, to
> eliminate any attack vector.
>
> It is preferred to add rng-seed to the Device Tree, but some
> platforms do not have this option, so this adds the ability to
> provide some command-line-limited data to the entropy through this
> alternate mechanism. Expect on average 6 bits of useful entropy
> per character.
>
> ---
> drivers/char/random.c | 8 ++++
> include/linux/random.h | 5 +++
> init/main.c | 88 ++++++++++++++++++++++++++++++++++--------
> 3 files changed, 84 insertions(+), 17 deletions(-)
> diff --git a/init/main.c b/init/main.c
> index 9f4ce0356057e..ad52f03fb8de4 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -524,6 +524,31 @@ static inline void smp_prepare_cpus(unsigned int maxcpus) { }
> * parsing is performed in place, and we should allow a component to
> * store reference of name/value for future reference.
> */
> +static const char rng_seed_str[] __initconst = "rng-seed=";
> +/* try to clear rng-seed so it won't be found by user applications. */
> +static void __init copy_command_line(char *dest, char *src, size_t r)
> +{
Please add this command line option to
Documentation/admin-guide/kernel-parameters.txt.
thanks.
--
~Randy
Powered by blists - more mailing lists