Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-24 Thread Ard Biesheuvel
On 24 June 2016 at 03:11, Jason Cooper wrote: > Hi Ard, > > On Thu, Jun 23, 2016 at 10:05:53PM +0200, Ard Biesheuvel wrote: >> On 23 June 2016 at 21:58, Kees Cook wrote: >> > On Thu, Jun 23, 2016 at 12:33 PM, Jason Cooper >> > wrote: >> >> On Wed, Jun 22, 2016 at 10:05:51AM -0700, Kees Cook

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Jason Cooper
Hi Ard, On Thu, Jun 23, 2016 at 10:05:53PM +0200, Ard Biesheuvel wrote: > On 23 June 2016 at 21:58, Kees Cook wrote: > > On Thu, Jun 23, 2016 at 12:33 PM, Jason Cooper wrote: > >> On Wed, Jun 22, 2016 at 10:05:51AM -0700, Kees Cook wrote: > >>> On Wed, Jun 22, 2016 at 8:59 AM, Thomas Garnier

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Jason Cooper
On Thu, Jun 23, 2016 at 12:59:07PM -0700, Kees Cook wrote: > On Thu, Jun 23, 2016 at 12:45 PM, Sandy Harris wrote: > > Jason Cooper wrote: > > > >> Modern systems that receive a seed from the bootloader via the > >> random-seed property (typically from the hw-rng) can mix both sources > >> for

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Jason Cooper
Hey Sandy, On Thu, Jun 23, 2016 at 03:45:54PM -0400, Sandy Harris wrote: > Jason Cooper wrote: > > > Modern systems that receive a seed from the bootloader via the > > random-seed property (typically from the hw-rng) can mix both sources > > for increased resilience. > > > > Unfortunately, I'm

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Ard Biesheuvel
On 23 June 2016 at 21:58, Kees Cook wrote: > On Thu, Jun 23, 2016 at 12:33 PM, Jason Cooper wrote: >> Hey Kees, Thomas, >> >> On Wed, Jun 22, 2016 at 10:05:51AM -0700, Kees Cook wrote: >>> On Wed, Jun 22, 2016 at 8:59 AM, Thomas Garnier wrote: >>> > On Wed, Jun 22, 2016 at 5:47 AM, Jason Cooper

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Kees Cook
On Thu, Jun 23, 2016 at 12:45 PM, Sandy Harris wrote: > Jason Cooper wrote: > >> Modern systems that receive a seed from the bootloader via the >> random-seed property (typically from the hw-rng) can mix both sources >> for increased resilience. >> >> Unfortunately, I'm not very familiar with

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Kees Cook
On Thu, Jun 23, 2016 at 12:33 PM, Jason Cooper wrote: > Hey Kees, Thomas, > > On Wed, Jun 22, 2016 at 10:05:51AM -0700, Kees Cook wrote: >> On Wed, Jun 22, 2016 at 8:59 AM, Thomas Garnier wrote: >> > On Wed, Jun 22, 2016 at 5:47 AM, Jason Cooper wrote: >> >> Hey Kees, >> >> >> >> On Tue, Jun

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Sandy Harris
Jason Cooper wrote: > Modern systems that receive a seed from the bootloader via the > random-seed property (typically from the hw-rng) can mix both sources > for increased resilience. > > Unfortunately, I'm not very familiar with the internals of x86 > bootstrapping. Could GRUB be scripted to

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-23 Thread Jason Cooper
Hey Kees, Thomas, On Wed, Jun 22, 2016 at 10:05:51AM -0700, Kees Cook wrote: > On Wed, Jun 22, 2016 at 8:59 AM, Thomas Garnier wrote: > > On Wed, Jun 22, 2016 at 5:47 AM, Jason Cooper wrote: > >> Hey Kees, > >> > >> On Tue, Jun 21, 2016 at 05:46:57PM -0700, Kees Cook wrote: > >>> Notable

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-22 Thread Kees Cook
On Wed, Jun 22, 2016 at 8:59 AM, Thomas Garnier wrote: > On Wed, Jun 22, 2016 at 5:47 AM, Jason Cooper wrote: >> Hey Kees, >> >> On Tue, Jun 21, 2016 at 05:46:57PM -0700, Kees Cook wrote: >>> Notable problems that needed solving: >> ... >>> - Reasonable entropy is needed early at boot before

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-22 Thread Thomas Garnier
On Wed, Jun 22, 2016 at 5:47 AM, Jason Cooper wrote: > Hey Kees, > > On Tue, Jun 21, 2016 at 05:46:57PM -0700, Kees Cook wrote: >> Notable problems that needed solving: > ... >> - Reasonable entropy is needed early at boot before get_random_bytes() >> is available. > > This series is

Re: [kernel-hardening] [PATCH v7 0/9] x86/mm: memory area address KASLR

2016-06-22 Thread Jason Cooper
Hey Kees, On Tue, Jun 21, 2016 at 05:46:57PM -0700, Kees Cook wrote: > Notable problems that needed solving: ... > - Reasonable entropy is needed early at boot before get_random_bytes() > is available. This series is targeting x86, which typically has RDRAND/RDSEED instructions. Are you