[PATCH 0/2] Use RNG to get random behaviour
Peter Robinson
pbrobinson at gmail.com
Wed Dec 16 14:42:32 CET 2020
On Wed, Dec 16, 2020 at 1:17 PM Torsten Duwe <duwe at lst.de> wrote:
>
> On Wed, 16 Dec 2020 11:41:15 +0100
> matthias.bgg at kernel.org wrote:
>
> > From: Matthias Brugger <mbrugger at suse.com>
> >
> >
> > For now bootp and uuid code use a weak seed for generating random
> > data. U-Boot has support for RNG devices now, so we should change the
> > code to use them if they are present. This will help mitigate issues
> > like those seen in CVE-2019-11690.
>
> First of all: thanks for bringing this up. These patches are a big
> improvement over the current state.
>
> But: thinking about this further, it could be possible to give U-Boot a
> lightweight version of a complete entropy keeper, with /dev/random and
> /dev/urandom functionality. Linux, for example, will happily randomise
> the kernel address layout, if it's configured and the boot loader
> provides enough entropy...
That functionality is already available with U-Boot via the UEFI
random seed functionality if you're booting Linux using U-Boot's UEFI
support.