[Cryptography] Improvements to RNG seeding in Linux 4.10

James A. Donald jamesd at echeque.com
Tue Feb 28 22:35:27 EST 2017


On 2/28/2017 4:45 PM, Marshall Pierce wrote:
> It seems that Linux 4.10 will get its entropy pool populated early in boot via UEFI.
>
> Commits:
> - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=568bc4e87033d232c5fd00d5b0cd22a2ccc04944
> - https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=636259880a7e7d3446a707dddebc799da94bdd0b

UEFI means that device-specific hardware can supply entropy. Which 
makes sense given that only device-specific hardware can access things 
that are truly random.

But chances are that the hardware will not have drivers to access 
device-specific entropy, that since customers will not know, hardware 
makers will not bother.


