Re: Randomization from the bootblocks

2014-01-03 Thread Alexey E. Suslikov
Theo de Raadt writes: > >Having no interrupt (and such) entropy means less entropy. > > > >On the other hand, there are a lot of speculations about some > >hardware entropy sources are suspected (proven?) bad (or > >intentionally hijacked?). > > > >So question here is, does moving r

Re: Randomization from the bootblocks

2014-01-02 Thread Alexander Hall
On 01/02/14 11:50, Alexey Suslikov wrote: Theo de Raadt writes: This requires an upgrade of the bootblocks and at least /etc/rc (which saves an entropy file for future use). Some bootblocks will be able to use machine-dependent features to improve the entropy even further (fo

Re: Randomization from the bootblocks

2014-01-02 Thread Theo de Raadt
>Theo de Raadt writes: > >> This requires an upgrade of the bootblocks and at least >> /etc/rc (which saves an entropy file for future use). Some >> bootblocks will be able to use machine-dependent features >> to improve the entropy even further (for instance using >> random inst

Re: Randomization from the bootblocks

2014-01-02 Thread Ted Unangst
On Thu, Jan 02, 2014 at 12:50, Alexey Suslikov wrote: > I have a question. > > Having no interrupt (and such) entropy means less entropy. > > On the other hand, there are a lot of speculations about some > hardware entropy sources are suspected (proven?) bad (or > intentionally hijacked?). > > So qu

Randomization from the bootblocks

2014-01-02 Thread Alexey Suslikov
Theo de Raadt writes: > This requires an upgrade of the bootblocks and at least > /etc/rc (which saves an entropy file for future use). Some > bootblocks will be able to use machine-dependent features > to improve the entropy even further (for instance using > random instruction

Re: Randomization from the bootblocks

2013-12-28 Thread Theo de Raadt
> At least i386, amd64, macppc, sparc64, hppa, and loongson > are supported. Hopefully the others are not far behind. Oh someone will ask how to verify this is working correctly. Well, you can't really tell. The following kernel diff will let you know that the propolice cookie has come from dat

Randomization from the bootblocks

2013-12-28 Thread Theo de Raadt
Over the holidays I've written code to do something we've talked about for a long time but never gotten around to. The bootblocks are now capable of providing entropy to the kernel very early on. This requires an upgrade of the bootblocks and at least /etc/rc (which saves an entropy file for futu