On Wed, 16 Dec 2020 11:41:15 +0100
matthias....@kernel.org wrote:
> From: Matthias Brugger <mbrug...@suse.com>
>
>
> For now bootp and uuid code use a weak seed for generating random
> data. U-Boot as support for RNG devices now, so we should change to
> code to use them if they are present. This will help mitigate issues
> like seen in CVE-2019-11690.
First of all: thanks for bringing this up. These patches are a big
improvement over the current state.
But: thinking about this further, it could be possible to give U-Boot a
lightweight version of a complete entropy keeper, with /dev/random and
/dev/urandom functionality. Linux, for example, will happily randomise
the kernel address layout, if it's configured and the boot loader
provides enough entropy...
But for now this should be good enough.
Torsten
