Collecting entropy from device_attach() times.

Dag-Erling Smørgrav des at des.no
Thu Sep 20 10:30:31 UTC 2012


Jonathan Anderson <jonathan at FreeBSD.org> writes:
> For instance: on an embedded board with few devices, that uses FDT
> rather than bus enumeration whatsits, perhaps the time is more
> deterministic and therefore yields less entropy.

The idea is that attach() initializes the hardware, which is where the
unpredictability comes from.  Yes, embedded devices will certainly have
less of it, but they will still have *some*.  And yes, we need data,
which is why when I proposed this last week I also proposed a scheme to
record what we feed into Yarrow pre-boot so we could inspect it and
compare it across multiple boots.

DES
-- 
Dag-Erling Smørgrav - des at des.no
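The message above argues that attach() timing carries some unpredictability even on embedded boards, and that the way to find out how much is to record what gets fed into Yarrow before boot completes and compare the records across boots. The following is an added example of that comparison step, written for this page and not code from FreeBSD or from DES's proposal: it takes per-boot records of the timestamp at which each device's attach() returned (constructed sample data, not captured from a machine), derives the value a harvester would feed the pool (the low bits of the delta since the previous attach), and estimates per-device min-entropy from how often each value recurs across boots. The record layout, the device count and the choice of crediting only the low 8 bits of each delta are assumptions of the example, not anything the kernel does.

```c
#include <stdint.h>
#include <stdio.h>

#define NDEV    4     /* devices attached, in attach order (assumed) */
#define NBOOT   8     /* recorded boots (assumed) */
#define LOWBITS 8     /* only the low bits of each delta are credited (assumed) */

/*
 * Constructed records, not captured from a real machine: the tick counter
 * (from boot start) at the moment each device's attach() returned, one row
 * per boot.  Device 0 stands in for a fixed-latency part whose attach
 * delta never varies; devices 1..3 vary by decreasing amounts.
 */
static const uint64_t boot_samples[NBOOT][NDEV] = {
    { 0x102A, 0x302B, 0x603B, 0xA090 },
    { 0x102A, 0x302C, 0x603C, 0xA091 },
    { 0x102A, 0x302D, 0x604D, 0xA0A2 },
    { 0x102A, 0x302E, 0x604E, 0xA0A3 },
    { 0x102A, 0x302F, 0x605F, 0xA109 },
    { 0x102A, 0x3030, 0x6060, 0xA10A },
    { 0x102A, 0x3031, 0x6071, 0xA11B },
    { 0x102A, 0x3032, 0x6072, 0xA11C },
};

/* The value a harvester would contribute for device dev on one boot:
 * the low LOWBITS bits of the time elapsed since the previous attach
 * (device 0 is measured from boot start). */
unsigned attach_delta_lowbits(const uint64_t ts[NDEV], int dev)
{
    uint64_t prev = dev > 0 ? ts[dev - 1] : 0;
    return (unsigned)((ts[dev] - prev) & ((1u << LOWBITS) - 1));
}

/* log2(x) for 0 < x <= 1 without libm: halve until 1 <= x < 2, then
 * pull 40 fractional bits by repeated squaring.  Exact for powers of two. */
static double log2_unit(double x)
{
    double result = 0.0, bit = 0.5;
    while (x < 1.0) { x *= 2.0; result -= 1.0; }
    for (int i = 0; i < 40; i++) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; result += bit; }
        bit /= 2.0;
    }
    return result;
}

/* Min-entropy estimate (bits) for one device across all recorded boots:
 * -log2 of the frequency of its most common harvested value.  A delta that
 * repeats every boot is worth 0 bits no matter how random it looks once. */
double device_min_entropy_bits(int dev)
{
    unsigned counts[1u << LOWBITS] = { 0 };
    unsigned maxcount = 0;
    for (int b = 0; b < NBOOT; b++) {
        unsigned v = attach_delta_lowbits(boot_samples[b], dev);
        if (++counts[v] > maxcount)
            maxcount = counts[v];
    }
    return -log2_unit((double)maxcount / NBOOT);
}

/* Sum over devices; treats devices as independent, which is optimistic. */
double total_min_entropy_bits(void)
{
    double sum = 0.0;
    for (int d = 0; d < NDEV; d++)
        sum += device_min_entropy_bits(d);
    return sum;
}

int main(void)
{
    for (int d = 0; d < NDEV; d++)
        printf("device %d: %.2f bits of min-entropy over %d boots\n",
               d, device_min_entropy_bits(d), NBOOT);
    printf("total: %.2f bits\n", total_min_entropy_bits());
    return 0;
}
```

Two caveats matter when reading the numbers. With only NBOOT records the estimator can never credit more than log2(NBOOT) bits to a device, so a small sample understates a genuinely noisy device and the method only becomes informative once many boots have been logged. Conversely, summing per-device estimates assumes the attach times are independent, which a shared bus or clock can violate; the per-device figures are the more trustworthy output, and a device that scores 0 bits across a large sample is exactly the deterministic embedded case the quoted reply worried about.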

