Re: [kernel-hardening] Re: get_random_bytes returns bad randomness before seeding is complete

On 3 June 2017 at 18:54, Jeffrey Walton wrote: > On Sat, Jun 3, 2017 at 5:45 PM, Sandy Harris wrote: >> ... >> Of course this will fail on systems with no high-res timer. Are there >> still some of those? It might be done in about 1000 times as long on

Re: [kernel-hardening] Re: get_random_bytes returns bad randomness before seeding is complete

The only sensible & general solution for the initialisation problem that I have seen is John Denker's. http://www.av8n.com/computer/htm/secure-random.htm#sec-boot-image If I read that right, it would require only minor kernel changes & none to the API Ted & others are worrying about. It would be

Re: [kernel-hardening] Re: get_random_bytes returns bad randomness before seeding is complete

On Fri, Jun 2, 2017 at 10:41 AM, Daniel Micay wrote: > On Fri, 2017-06-02 at 17:53 +0200, Jason A. Donenfeld wrote: >> (Meanwhile...) >> >> In my own code, I'm currently playing with a workaround that looks >> like this: >> >> --- a/src/main.c >> +++ b/src/main.c >> >>

Re: [kernel-hardening] Re: get_random_bytes returns bad randomness before seeding is complete

On Fri, Jun 2, 2017 at 7:41 PM, Daniel Micay wrote: > One of the early uses is initializing the stack canary value for SSP in > very early boot. If that blocks, it's going to be blocking nearly > anything else from happening. > > On x86, that's only the initial canary since

Re: [kernel-hardening] Re: get_random_bytes returns bad randomness before seeding is complete

On Fri, 2017-06-02 at 17:53 +0200, Jason A. Donenfeld wrote: > (Meanwhile...) > > In my own code, I'm currently playing with a workaround that looks > like this: > > --- a/src/main.c > +++ b/src/main.c > > +#include > +#include > > +struct rng_initializer { > + struct completion done;