public inbox for u-boot@lists.denx.de
From: Torsten Duwe <duwe@lst.de>
To: u-boot@lists.denx.de
Subject: [PATCH 0/2] Use RNG to get random behaviour
Date: Wed, 16 Dec 2020 14:17:36 +0100
Message-ID: <20201216141724.7362738e@blackhole.lan>
In-Reply-To: <20201216104117.10836-1-matthias.bgg@kernel.org>

On Wed, 16 Dec 2020 11:41:15 +0100
matthias.bgg at kernel.org wrote:

> From: Matthias Brugger <mbrugger@suse.com>
> 
> 
> For now bootp and uuid code use a weak seed for generating random
> data. U-Boot has support for RNG devices now, so we should change the
> code to use them if they are present. This will help mitigate issues
> like those seen in CVE-2019-11690.

First of all: thanks for bringing this up. These patches are a big
improvement over the current state.

But: thinking about this further, it could be possible to give U-Boot a
lightweight version of a complete entropy keeper, with /dev/random and
/dev/urandom functionality. Linux, for example, will happily randomise
the kernel address layout, if it's configured and the boot loader
provides enough entropy...

But for now this should be good enough.

	Torsten

Thread overview: 8+ messages
2020-12-16 10:41 [PATCH 0/2] Use RNG to get random behaviour matthias.bgg at kernel.org
2020-12-16 10:41 ` [PATCH 1/2] lib: uuid: use RNG device if present matthias.bgg at kernel.org
2020-12-16 13:22   ` Torsten Duwe
2020-12-16 10:41 ` [PATCH 2/2] net: Use NDRNG device in srand_mac() matthias.bgg at kernel.org
2020-12-16 13:20   ` Torsten Duwe
2020-12-16 15:56     ` Matthias Brugger
2020-12-16 13:17 ` Torsten Duwe [this message]
2020-12-16 13:42   ` [PATCH 0/2] Use RNG to get random behaviour Peter Robinson
