[PATCH 1/2] efi: add support for seeding the RNG from a UEFI config table

Kees Cook keescook at chromium.org
Wed Oct 19 13:14:08 PDT 2016


On Wed, Oct 19, 2016 at 4:22 AM, Matt Fleming <matt at codeblueprint.co.uk> wrote:
> On Wed, 19 Oct, at 12:13:55PM, Ard Biesheuvel wrote:
>> On 19 October 2016 at 12:09, Mark Rutland <mark.rutland at arm.com> wrote:
>>
>> > I think to some extent this must be treated as an ABI, given cases like
>> > kexec.
>> >
>>
>> Perhaps, yes. That would also allow GRUB or other EFI aware
>> bootloaders to generate the seed.
>
> If we're going to go down this route, we should try and get the GUID
> into the UEFI spec.

It seems like maybe under UEFI, both this table (which sounds like
it'll not be rotated regularly) could be mixed with calls to
EFI_PROTOCOL_RNG by the kernel? (Similar to how kaslr is seeded?)

-Kees

-- 
Kees Cook
Nexus Security



More information about the linux-arm-kernel mailing list