> Date: Mon, 6 Nov 2017 07:30:35 +0100 > From: Maxime Villard <m...@m00nbsd.net> > > I would like to use a system similar to the /var/db/entropy-file > implementation. That is to say, when running the system generates > /var/db/random-file, which would contain at least 256bytes of random > data. When booting the bootloader reads this file, can use some of > its bytes to get random values. It then gives the file to the > prekern which will use some other parts of it. The prekern finally > gives the file to the kernel which can use the rest.
Seems to me we should just use one file, and the bootloader should use it as a seed for a PRNG from which it draws (a) kaslr bits, and (b) a seed for the entropy pool (which is currently just /var/db/entropy) The bootloader already reads a file. Teaching it to have a small cryptographic PRNG shouldn't be too hard. I'm still sitting on a draft Keccak-based entropy pool, whose Keccak implementation (https://mumble.net/~campbell/hg/sha3/keccak.c) likely fits in the constraints of a bootloader.