Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753997AbdG3Ko5 (ORCPT ); Sun, 30 Jul 2017 06:44:57 -0400 Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:39571 "EHLO atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750939AbdG3Koz (ORCPT ); Sun, 30 Jul 2017 06:44:55 -0400 Date: Sun, 30 Jul 2017 12:44:53 +0200 From: Pavel Machek To: "Theodore Ts'o" , Sandy Harris , Stephan =?iso-8859-1?Q?M=FCller?= , Greg Kroah-Hartman , "Jason A. Donenfeld" , Arnd Bergmann , Linux Crypto Mailing List , LKML Subject: Re: [RFC PATCH v12 3/4] Linux Random Number Generator Message-ID: <20170730104453.GA15517@amd> References: <3910055.ntkqcq1Chb@positron.chronox.de> <150039607.torZXMN7kc@positron.chronox.de> <20170718085212.GB25267@kroah.com> <1780567.qGdv4EjEMp@positron.chronox.de> <20170718210816.o6c4iziaqj5dnnd3@thunk.org> <20170719015133.aijabk36g7m6daek@thunk.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="oyUTqETQ0mS9luUI" Content-Disposition: inline In-Reply-To: <20170719015133.aijabk36g7m6daek@thunk.org> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1917 Lines: 53 --oyUTqETQ0mS9luUI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! On Tue 2017-07-18 21:51:33, Theodore Ts'o wrote: > On Tue, Jul 18, 2017 at 09:00:10PM -0400, Sandy Harris wrote: > > The only really good solution I know of is to find a way to provide a > > chunk of randomness early in the boot process. John Denker has a good > > discussion of doing this by modifying the kernel image & Ted talks of > > doing it via the boot loader. Neither looks remarkably easy. Other > > approaches like making the kernel read a seed file or passing a > > parameter on the kernel command line have been suggested but, if I > > recall right, rejected. >=20 > It's actually not that _hard_ to modify the boot loader. It's not > finicky work like, say, adding support for metadata checksums or xattr > deduplication to ext4. It's actually mostly plumbing. It's just that > we haven't found a lot of people willing to do it as paid work, and > the hobbyists haven't been interested. Modifying the boot loader sources is not hard, right. Deploying the modified boot loader is another story; these are bootloaders -- they normally don't need updating, so they are often not easy to update, or maybe updating them is risky. Anyway, if you want to pay for some bootloader modifications... I'm working for a company that can help :-). (Sometimes I use pavel@denx.de address.) Pavel --=20 (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blo= g.html --oyUTqETQ0mS9luUI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAll9uKUACgkQMOfwapXb+vI5wwCgqSPGfi4E9DLuNMqAPlQ93y/j LnwAn1cn50SUMRq+zFO/O597BPPp4gaw =4V8m -----END PGP SIGNATURE----- --oyUTqETQ0mS9luUI--