On Fri, Nov 15, 2013 at 10:45 AM, Dave Jones <davej@xxxxxxxxxx> wrote:
> On Fri, Nov 15, 2013 at 10:33:04AM -0800, Kees Cook wrote:
>
>  > Ingo wanted even more
>  > unpredictability, in the face of total failure from these more dynamic
>  > sources, so x86 also "seeds" itself with the build string and the
>  > boot_params. These last two are hardly high entropy, but they should
>  > at least make 2 different systems not have _identical_ entropy at the
>  > start. It's far from cryptographically secure, but it's something, I
>  > hope.
>
> Those are both likely to be the same on some configurations.
> On x86, we could maybe hash the dmi tables ? Vendor stupidity aside,
> things like serial numbers in those tables _should_ be different.

Yeah, DMI tables were suggested as well. (Hopefully people will start
using -uuid with KVM!) How hard would that be to hook up to the
pre-random-init code?

-Kees

-- 
Kees Cook
Chrome OS Security
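An added userspace illustration of the point discussed in this thread, not code from the kernel or from any poster: two machines booting the same image get the same early seed from the build string and boot_params alone, and a per-machine DMI serial separates them. The mixer, the function names and all sample values are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: two machines running the same image. */
static const char build_string[] = "example-kernel-build (constructed)";
static const unsigned char boot_params[] = { 0x00, 0x10, 0x80, 0x01, 0xff };

/* Fold an area into the seed byte by byte: rotate left 7, then XOR.
 * Illustrative mixer only (an assumption); it spreads bits around
 * but adds no entropy and is not cryptographically strong. */
static uint64_t mix_area(uint64_t seed, const void *area, size_t len)
{
    const unsigned char *p = area;
    for (size_t i = 0; i < len; i++) {
        seed = (seed << 7) | (seed >> 57);
        seed ^= p[i];
    }
    return seed;
}

/* Seed from build string + boot_params, plus a DMI serial if given.
 * NULL models the case where the DMI tables are not hashed in. */
uint64_t early_seed(const char *dmi_serial)
{
    uint64_t seed = 0;
    seed = mix_area(seed, build_string, sizeof(build_string) - 1);
    seed = mix_area(seed, boot_params, sizeof(boot_params));
    if (dmi_serial)
        seed = mix_area(seed, dmi_serial, strlen(dmi_serial));
    return seed;
}

int main(void)
{
    /* Same image, no DMI data: both machines start out identical. */
    printf("no DMI     : %016llx %016llx\n",
           (unsigned long long)early_seed(NULL),
           (unsigned long long)early_seed(NULL));
    /* Distinct serials (constructed) give distinct starting seeds. */
    printf("with serial: %016llx %016llx\n",
           (unsigned long long)early_seed("SN-0001"),
           (unsigned long long)early_seed("SN-0002"));
    return 0;
}
```

Guests cloned with the same serial or UUID still collide, since the seed is a pure function of its inputs.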