18.09.2019 15:16, Willy Tarreau wrote:
> We've already discussed that point a few times. The issue is that bootloaders and/or BIOSes tend to wipe everything. Ideally we should let the boot loader collect entropy from the DDR training phase since it's a period where noise is observed. It's also the right moment to collect some random contents that may lie in the RAM cells. Similarly asynchronous clocks driving external components can be used as well if you can measure their phase with the CPU's clock.
This does not correspond to my own observations. I have a setup where a secondary key is saved into RAM for unlocking a LUKS container after a reboot. It is documented by me (sorry, in Russian only) here: https://habr.com/ru/post/457396/ ; I will publish an English translation in my blog if I get at least one request (in private email, please).
The results so far are:
1. Desktop with MSI Z87I board: works.
2. Lenovo Yoga 2 Pro laptop: works.
3. Server based on the Intel Corporation S1200SPL board (available from OVH as EG-32): does not work, memory is cleared.
4. Cheap server based on Gooxi G1SCN-B board (the cheapest thing with IPMI available on bacloud.com): works.
So that's 75% of success stories (found at least one page that is preserved after the "reboot" command) based on my samples.
-- Alexander E. Patrakov