Date:      Thu, 20 Sep 2012 12:30:27 +0200
From:      Dag-Erling Smørgrav <des@des.no>
To:        Jonathan Anderson <jonathan@FreeBSD.org>
Cc:        freebsd-security@FreeBSD.org, RW <rwmaillists@googlemail.com>, Mariusz Gromada <mariusz.gromada@gmail.com>, Pawel Jakub Dawidek <pjd@FreeBSD.org>
Subject:   Re: Collecting entropy from device_attach() times.
Message-ID:  <86392dt29o.fsf@ds4.des.no>
In-Reply-To: <B2DE8ED23E0B43DFBE4A19603914B53D@FreeBSD.org> (Jonathan Anderson's message of "Thu, 20 Sep 2012 11:03:55 +0100")
References:  <20120918211422.GA1400@garage.freebsd.pl> <A8FD98DD94774D00B4E5F78D3174C1B4@gmail.com> <20120919192923.GA1416@garage.freebsd.pl> <20120919205331.GE1416@garage.freebsd.pl> <20120919231051.4bc5335b@gumby.homeunix.com> <86ipb9t5hj.fsf@ds4.des.no> <B2DE8ED23E0B43DFBE4A19603914B53D@FreeBSD.org>

Jonathan Anderson <jonathan@FreeBSD.org> writes:
> For instance: on an embedded board with few devices, that uses FDT
> rather than bus enumeration whatsits, perhaps the time is more
> deterministic and therefore yields less entropy.

The idea is that attach() initializes the hardware, which is where the
unpredictability comes from.  Yes, embedded devices will certainly have
less of it, but they will still have *some*.  And yes, we need data,
which is why when I proposed this last week I also proposed a scheme to
record what we feed into Yarrow pre-boot so we could inspect it and
compare it across multiple boots.

DES
--
Dag-Erling Smørgrav - des@des.no
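The "record what we feed in, then compare it across boots" scheme DES mentions, worked through as an added example. This is not FreeBSD code and not from anyone in the thread: the device names and the attach timings are constructed, and nothing here touches Yarrow. It takes per-device attach() completion times from several boots, derives the per-device delta that would be fed to the pool, and estimates min-entropy both per device and for the whole boot record.

```c
/*
 * Added example, not FreeBSD code and not from this thread: given per-device
 * attach() completion times recorded on several boots, estimate how
 * unpredictable each device's timing is and how unpredictable the whole
 * boot record is. Device names and timings are constructed for illustration.
 */
#include <stdint.h>
#include <stdio.h>

#define NBOOTS 8
#define NDEV   3

static const char *dev_names[NDEV] = { "uart0", "mmc0", "ehci0" };

/* Constructed data: ns from the start of the attach sweep at which each
 * device's attach() returned, one row per boot. uart0 is deliberately
 * identical on every boot; boots 0 and 5 are deliberately identical. */
static const uint64_t attach_ns[NBOOTS][NDEV] = {
    { 1000, 51000, 231000 },
    { 1000, 52000, 240000 },
    { 1000, 51000, 235000 },
    { 1000, 53000, 228000 },
    { 1000, 52000, 244000 },
    { 1000, 51000, 231000 },
    { 1000, 54000, 239000 },
    { 1000, 52000, 250000 },
};

/* log2 without libm: scale x into [1,2) for the integer part, then square
 * repeatedly for the fractional bits. Ample precision for an estimate. */
static double log2_nolibm(double x)
{
    double r = 0.0, bit = 0.5;
    while (x >= 2.0) { x /= 2.0; r += 1.0; }
    while (x < 1.0)  { x *= 2.0; r -= 1.0; }
    for (int i = 0; i < 48; i++) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; r += bit; }
        bit /= 2.0;
    }
    return r;
}

/* The value that would go into the pool: time spent in this device's
 * attach(), i.e. delta from the previous device (or from the sweep start). */
uint64_t attach_delta(int boot, int dev)
{
    uint64_t prev = (dev == 0) ? 0 : attach_ns[boot][dev - 1];
    return attach_ns[boot][dev] - prev;
}

/* Plug-in min-entropy of n samples: log2(n / count of the most frequent
 * value). It can never exceed log2(n), so with few boots it is a
 * conservative lower bound on the source, not a certificate. */
double min_entropy_bits(const uint64_t *vals, size_t n)
{
    size_t maxcount = 0;
    for (size_t i = 0; i < n; i++) {
        size_t c = 0;
        for (size_t j = 0; j < n; j++)
            c += (vals[j] == vals[i]);
        if (c > maxcount) maxcount = c;
    }
    return log2_nolibm((double)n / (double)maxcount);
}

/* One device's delta compared across all recorded boots. */
double device_entropy_bits(int dev)
{
    uint64_t d[NBOOTS];
    for (int b = 0; b < NBOOTS; b++) d[b] = attach_delta(b, dev);
    return min_entropy_bits(d, NBOOTS);
}

/* Sum of per-device estimates; only meaningful if devices are independent. */
double sum_device_entropy_bits(void)
{
    double t = 0.0;
    for (int d = 0; d < NDEV; d++) t += device_entropy_bits(d);
    return t;
}

/* Whole-boot estimate: how often an entire delta vector repeats. This is
 * the figure that matters for seeding and assumes no independence. */
double joint_entropy_bits(void)
{
    size_t maxcount = 0;
    for (int i = 0; i < NBOOTS; i++) {
        size_t c = 0;
        for (int j = 0; j < NBOOTS; j++) {
            int same = 1;
            for (int d = 0; d < NDEV && same; d++)
                same = (attach_delta(i, d) == attach_delta(j, d));
            c += same;
        }
        if (c > maxcount) maxcount = c;
    }
    return log2_nolibm((double)NBOOTS / (double)maxcount);
}

int main(void)
{
    for (int d = 0; d < NDEV; d++)
        printf("%-6s %.2f bits%s\n", dev_names[d], device_entropy_bits(d),
               device_entropy_bits(d) == 0.0 ? " (same on every boot)" : "");
    printf("sum    %.2f bits (assumes independence)\n", sum_device_entropy_bits());
    printf("joint  %.2f bits (cap with %d boots: %.2f)\n",
           joint_entropy_bits(), NBOOTS, log2_nolibm(NBOOTS));
    return 0;
}
```

On the constructed data, uart0 contributes nothing (identical every boot), mmc0 and ehci0 look worth about 1.4 and 2 bits, but the whole record repeats once in eight boots, so the joint estimate (2 bits) is well below the sum (3.4 bits). Two practical caveats: with n recorded boots the estimate is capped at log2(n), so a handful of boots can only ever show a handful of bits, and per-device figures added together overstate the seed when devices share a clock or bus ordering, which is why the joint figure is the one to report.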



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86392dt29o.fsf>