Re: [tip:x86/kaslr] x86, kaslr: Provide randomness functions

[H. Peter Anvin]

On 11/11/2013 11:32 AM, Kees Cook wrote:
>>>
>>> Why aren't the 3 sources of entropy XOR-ed together?
> 
> Ah, excellent suggestion. There's no reason they couldn't be. I can
> rework that function to do that.
> 
>>> Also, we talked about also adding system dependent entropy sources, such
>>> as memory layout or the DMI table - none of that seems to have happened.
> 
> It seemed like those things didn't contribute as much entropy as the 3
> already in use, but I could investigate how to distill those things
> down into entropy. Perhaps just XORing the start and length of every
> e820 area? DMI I'll need to dig into...
> 

DMI and ACPI are relatively straightforward: they are really just blocks
of memory with magic pointers.  Since you don't actually need to parse
them, it is mostly just a matter of finding those blocks of memory and
hashing them.

You could also hash the BDA - the first 0x500 bytes of memory - although
that starts to get into the "what about weird nontraditional platforms"
space.

A *MAJOR* issue with DMI and ACPI is that the way they are located is
firmware dependent: there is a search algorithm defined for BIOS
platforms, whereas on EFI I believe it requires doing runtime calls to
find things.

Of course, perhaps we could just hash struct boot_params as a starting
point?

	-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/