[Cryptography] where shall we put the random-seed?

Wed Dec 28 17:55:50 EST 2016

So ... I'm a bit puzzled. Early in boot there may not be enough seeding material to get good kernel address randomization. So why not boot without it into a special restricted mode which only allows pre-vetted code to run, gather up some good seed bits - and reboot, passing along the seed bits?  Takes a bit longer but if your concerns are at this level you should be willing to accept that. 

                                          -- Jerry