On 3 June 2017 at 18:54, Jeffrey Walton wrote:
> On Sat, Jun 3, 2017 at 5:45 PM, Sandy Harris wrote:
>> ...
>> Of course this will fail on systems with no high-res timer. Are there
>> still some of those? It might be done in about 1000 times as long on
The only sensible & general solution for the initialisation problem
that I have seen is John Denker's.
http://www.av8n.com/computer/htm/secure-random.htm#sec-boot-image
If I read that right, it would require only minor kernel changes &
none to the API Ted & others are worrying about. It would be
On Fri, Jun 2, 2017 at 10:41 AM, Daniel Micay wrote:
> On Fri, 2017-06-02 at 17:53 +0200, Jason A. Donenfeld wrote:
>> (Meanwhile...)
>>
>> In my own code, I'm currently playing with a workaround that looks
>> like this:
>>
>> --- a/src/main.c
>> +++ b/src/main.c
>>
>>
On Fri, Jun 2, 2017 at 7:41 PM, Daniel Micay wrote:
> One of the early uses is initializing the stack canary value for SSP in
> very early boot. If that blocks, it's going to be blocking nearly
> anything else from happening.
>
> On x86, that's only the initial canary since
On Fri, 2017-06-02 at 17:53 +0200, Jason A. Donenfeld wrote:
> (Meanwhile...)
>
> In my own code, I'm currently playing with a workaround that looks
> like this:
>
> --- a/src/main.c
> +++ b/src/main.c
>
> +#include
> +#include
>
> +struct rng_initializer {
> + struct completion done;