On 11/11/2013 11:32 AM, Kees Cook wrote:
>>>
>>> Why aren't the 3 sources of entropy XOR-ed together?
>
> Ah, excellent suggestion. There's no reason they couldn't be. I can
> rework that function to do that.
>
>>> Also, we talked about also adding system dependent entropy sources, such
>>> as memory layout or the DMI table - none of that seems to have happened.
>
> It seemed like those things didn't contribute as much entropy as the 3
> already in use, but I could investigate how to distill those things
> down into entropy. Perhaps just XORing the start and length of every
> e820 area? DMI I'll need to dig into...
>

DMI and ACPI are relatively straightforward: they are really just blocks
of memory with magic pointers. Since you don't actually need to parse
them, it is mostly just a matter of finding those blocks of memory and
hashing them. You could also hash the BDA - the first 0x500 bytes of
memory - although that starts to get into the "what about weird
nontraditional platforms" space.

A *MAJOR* issue with DMI and ACPI is that the way they are located is
firmware dependent: there is a search algorithm defined for BIOS
platforms, whereas on EFI I believe it requires doing runtime calls to
find things.

Of course, perhaps we could just hash struct boot_params as a starting
point?

	-hpa
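Added example, not part of the original message or of the kernel source: a C sketch comparing the two ideas raised in the thread, XORing the start and length of every e820 area versus hashing a block of memory without parsing it. `struct region`, `fold_xor`, `fold_block` and both sample maps are hypothetical names and constructed data; the rotate-then-XOR mix is one simple choice assumed here, not a method the thread specifies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an e820 entry; not the kernel's struct layout. */
struct region { uint64_t start, len; };

/* Two constructed memory maps with different layouts but the same set of values. */
static const struct region map_a[] = { { 0x0, 0x9fc00 }, { 0x100000, 0x7fef0000 } };
static const struct region map_b[] = { { 0x100000, 0x9fc00 }, { 0x0, 0x7fef0000 } };

/* Plain XOR of every start and length: order-insensitive, equal values cancel. */
static uint64_t fold_xor(const struct region *r, size_t n)
{
    uint64_t h = 0;
    for (size_t i = 0; i < n; i++)
        h ^= r[i].start ^ r[i].len;
    return h;
}

/* Rotate-then-XOR over the raw bytes of any block (a table, a boot_params-like
 * struct, a copy of the BDA). The block is never parsed; chain calls by
 * passing the previous result as h. */
static uint64_t fold_block(uint64_t h, const void *area, size_t size)
{
    const unsigned char *p = area;

    for (size_t i = 0; i < size; i += sizeof(uint64_t)) {
        uint64_t w = 0;
        /* Byte-wise load so a tail shorter than 8 bytes is zero-padded. */
        for (size_t j = 0; j < sizeof(w) && i + j < size; j++)
            w |= (uint64_t)p[i + j] << (8 * j);
        h = (h >> 7) | (h << 57);   /* rotate right by 7 so position matters */
        h ^= w;
    }
    return h;
}

int main(void)
{
    printf("xor   a=%#llx b=%#llx\n",
           (unsigned long long)fold_xor(map_a, 2),
           (unsigned long long)fold_xor(map_b, 2));
    printf("block a=%#llx b=%#llx\n",
           (unsigned long long)fold_block(0, map_a, sizeof(map_a)),
           (unsigned long long)fold_block(0, map_b, sizeof(map_b)));
    return 0;
}
```

The two maps collide under plain XOR but not under the position-sensitive fold. Either result is only as unpredictable as the data fed in, so it belongs alongside the other entropy sources, not in place of them.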