On Wed, Jun 22, 2016 at 8:59 AM, Thomas Garnier <thgar...@google.com> wrote: > On Wed, Jun 22, 2016 at 5:47 AM, Jason Cooper <ja...@lakedaemon.net> wrote: >> Hey Kees, >> >> On Tue, Jun 21, 2016 at 05:46:57PM -0700, Kees Cook wrote: >>> Notable problems that needed solving: >> ... >>> - Reasonable entropy is needed early at boot before get_random_bytes() >>> is available. >> >> This series is targetting x86, which typically has RDRAND/RDSEED >> instructions. Are you referring to other arches? Older x86? Also, >> isn't this the same requirement for base address KASLR? >> >> Don't get me wrong, I want more diverse entropy sources available >> earlier in the boot process as well. :-) I'm just wondering what's >> different about this series vs base address KASLR wrt early entropy >> sources. >> > > I think Kees was referring to the refactor I did to get the similar > entropy generation than KASLR module randomization. Our approach was > to provide best entropy possible even if you have an older processor > or under virtualization without support for these instructions. > Unfortunately common on companies with a large number of older > machines.
Right, the memory offset KASLR uses the same routines as the kernel base KASLR. The issue is with older x86 systems, which continue to be very common. -Kees -- Kees Cook Chrome OS & Brillo Security
