This gives me an idea for how to solve the lack of a first-stage bootloader (like biosboot(8)) on armv7. Currently U-Boot loads the kernel image directly into memory and jmp's to its entry point without an intermediary stage to read /etc/random.seed from disk and provide it to the kernel to kickstart the random subsystem. I tried to solve this problem by writing a standalone sd/mmc driver that would operate similar to biosboot(8) in that it would first be loaded and run by U-Boot, then read /etc/random.seed and the kernel image from the disk, load the entropy-supplied kernel into memory and execute it. I found that each armv7 machine's sd/mmc stack is implemented differently enough to require a standalone driver for every vendor's armv7 toy despite SD & MMC supposedly being "standard" interfaces. Trying to keep up with the ever-expanding list of armv7 machines seems like a futile and inelegant solution.
Perhaps the entropy normally written to /etc/random.seed upon shutdown can now be written directly to the kernel image itself, precluding the need for such standalone drivers. I believe the reason this wasn't done in the past was to allow checksum verification of the kernel image between boots. With this new patch, libc.so would change between boots precluding the possibility of such checksum verification, a contingency I believe was properly realized and accounted for. If we can stand to forgo the checksum verification of a big target like libc.so, perhaps we can forgo it with the kernel image itself too and solve the boot-time entropy problem. Ian
