By the way, if anyone is interested in working on this related
problem:
https://news.ycombinator.com/item?id=16976421
The reason why this is hard is because Linux is supported on a
great number of architectures, and some architectures have more
than one boot loader that is used. The approach of letting the
bootloader pass seed entropy is the right answer in general, I
agree, but unlike OpenBSD we can't assume that it will always be
present. (OpenBSD only supports a limited number of architectures,
and a single bootloader.) Hence, no matter what, we have to have
fallback mechanisms for dealing with the case where we have a
bootloader which doesn't pass a seed to the kernel.
The other issue is that I don't get paid to work on the random
driver in Linux. I've been looking for volunteers to work with the
grub, syslinux, efistub, not to mention all of the various signed
bootloaders used by different Android devices, but because we had a
fallback mechanism there is less motivation for people to want to
work on this.
This would actually be a great intern project or GSOC project, but
this have been so hectic this year, personally and professionally,
I didn't have the time to commit to hosting an intern or GSOC
student this summer. :-(
Send me an note, and let's talk. :-)
- Ted
