[PATCH 0/2] Use RNG to get random behaviour

Torsten Duwe duwe at lst.de
Wed Dec 16 14:17:36 CET 2020


On Wed, 16 Dec 2020 11:41:15 +0100
matthias.bgg at kernel.org wrote:

> From: Matthias Brugger <mbrugger at suse.com>
> 
> 
> For now bootp and uuid code use a weak seed for generating random
> data. U-Boot has support for RNG devices now, so we should change the
> code to use them if they are present. This will help mitigate issues
> like those seen in CVE-2019-11690.

First of all: thanks for bringing this up. These patches are a big
improvement over the current state.

But: thinking about this further, it could be possible to give U-Boot a
lightweight version of a complete entropy keeper, with /dev/random and
/dev/urandom functionality. Linux, for example, will happily randomise
the kernel address layout, if it's configured and the boot loader
provides enough entropy...

But for now this should be good enough.

	Torsten

