Re: Linux 5.3-rc8

From: Alexander E. Patrakov
Date: Wed Sep 18 2019 - 06:26:01 EST


18.09.2019 15:16, Willy Tarreau wrote:
> We've already discussed that point a few times. The issue is that
> bootloaders and/or BIOSes tend to wipe everything. Ideally we should
> let the boot loader collect entropy from the DDR training phase since
> it's a period where noise is observed. It's also the right moment to
> collect some random contents that may lie in the RAM cells.
>
> Similarly asynchronous clocks driving external components can be used
> as well if you can measure their phase with the CPU's clock.

This does not correspond to my own observations. I have a setup where a secondary key is saved into RAM for unlocking a LUKS container after a reboot. It is documented by me (sorry, in Russian only) here: https://habr.com/ru/post/457396/ , will publish an English translation in my blog if I get at least one request (in private email, please).

The results so far are:

1. Desktop with MSI Z87I board: works.
2. Lenovo Yoga 2 Pro laptop: works.
3. Server based on the Intel Corporation S1200SPL board (available from OVH as EG-32): does not work, memory is cleared.
4. Cheap server based on Gooxi G1SCN-B board (the cheapest thing with IPMI available on bacloud.com): works.

So that's 75% of success stories (found at least one page that is preserved after the "reboot" command) based on my samples.

--
Alexander E. Patrakov
