Re: [PATCH v3 0/3] efi: consume random seed provided by loader


 



On Thu, Oct 20, 2022 at 07:06:33PM +0200, Ard Biesheuvel wrote:
> On Thu, 20 Oct 2022 at 18:37, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
> >
> > On Thu, Oct 20, 2022 at 2:40 AM Ard Biesheuvel <ardb@xxxxxxxxxx> wrote:
> > > For maximum simplicity, just concatenate the existing seed with the one
> > > obtained from EFI_RNG_PROTOCOL if both are available, and leave it to
> > > the core kernel code to mix it in and credit it appropriately. This way,
> > > we have no need for copies of the Blake2s library in the EFI stub and in
> > > the zboot decompressor.
> >
> > FTR, while I think this is okay for the final stage that the kernel's
> > EFI loader does, it's less good for earlier stages. So, for example,
> > systemd-boot should still use the hashing scheme we discussed.
> 
> Not sure I follow. systemd-boot will put a seed in memory and publish
> it via the table. How does hashing come into play here?

If systemd-boot is executed by another bootloader.


