On Wed, Dec 16, 2020 at 1:17 PM Torsten Duwe <d...@lst.de> wrote:
>
> On Wed, 16 Dec 2020 11:41:15 +0100
> matthias....@kernel.org wrote:
>
> > From: Matthias Brugger <mbrug...@suse.com>
> >
> > For now bootp and uuid code use a weak seed for generating random
> > data. U-Boot has support for RNG devices now, so we should change the
> > code to use them if they are present. This will help mitigate issues
> > like seen in CVE-2019-11690.
>
> First of all: thanks for bringing this up. These patches are a big
> improvement over the current state.
>
> But: thinking about this further, it could be possible to give U-Boot a
> lightweight version of a complete entropy keeper, with /dev/random and
> /dev/urandom functionality. Linux, for example, will happily randomise
> the kernel address layout, if it's configured and the boot loader
> provides enough entropy...
That functionality is already available with U-Boot via the UEFI random seed functionality if you're booting Linux using U-Boot's UEFI support.
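The following is an added illustration of the weak-seed problem the patches address, not code from the U-Boot patch series or from anyone in the thread. It models the UUID case: a "weak" source that seeds libc rand() from a boot-timer reading (constructed value) yields the same UUID on every boot that reads the same timer value, while a proper entropy source yields well-formed, distinct UUIDs. The urandom_source function stands in for reading a hardware RNG device; on a real U-Boot target that slot would be filled by the RNG device class (an assumption about the patched code path, not something the thread spells out). The version-4 UUID layout follows RFC 4122.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* An entropy source fills buf with len bytes; returns 0 on success, -1 on failure. */
typedef int (*entropy_fn)(unsigned char *buf, size_t len, void *ctx);

/* Weak source, modelling the pre-patch behaviour the thread describes:
 * libc rand() seeded from a boot-timer reading. Because the timer reads
 * almost the same value every boot, the "random" bytes repeat. */
static int weak_timer_source(unsigned char *buf, size_t len, void *ctx)
{
    unsigned int timer = *(const unsigned int *)ctx; /* constructed timer value */
    srand(timer);
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
    return 0;
}

/* Hardware-RNG stand-in. On a U-Boot target this slot would be filled by
 * reading the RNG device class (assumption about the patched code path);
 * here the host kernel's /dev/urandom is used so the example runs anywhere. */
static int urandom_source(unsigned char *buf, size_t len, void *ctx)
{
    (void)ctx;
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
}

/* Build an RFC 4122 version-4 UUID string (36 chars + NUL) from 16 bytes
 * drawn from the given source. Returns 0 on success, -1 if the source failed:
 * callers must not fall back silently to a weak seed when the RNG is absent. */
int gen_uuid_v4(entropy_fn src, void *ctx, char out[37])
{
    unsigned char b[16];
    if (src(b, sizeof b, ctx) != 0)
        return -1;
    b[6] = (unsigned char)((b[6] & 0x0f) | 0x40); /* version nibble = 4 */
    b[8] = (unsigned char)((b[8] & 0x3f) | 0x80); /* RFC 4122 variant bits */
    snprintf(out, 37,
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
             b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7],
             b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
    return 0;
}

/* Format check: position 14 holds the version digit, position 19 the variant. */
int uuid_is_v4(const char *u)
{
    return strlen(u) == 36 && u[14] == '4' && strchr("89ab", u[19]) != NULL;
}

/* Two "boots" that read the same timer value produce the same UUID: that is
 * the predictability the weak seed introduces. Returns 1 if they collide,
 * 0 if they differ, -1 if the source failed. */
int weak_source_is_predictable(unsigned int timer)
{
    char a[37], b[37];
    unsigned int t1 = timer, t2 = timer;
    if (gen_uuid_v4(weak_timer_source, &t1, a) || gen_uuid_v4(weak_timer_source, &t2, b))
        return -1;
    return strcmp(a, b) == 0;
}

/* With a real entropy source, consecutive UUIDs are well-formed and distinct.
 * Returns 1 on success, 0 if the output repeated or was malformed, -1 if the
 * source was unavailable. */
int rng_source_is_fresh(void)
{
    char a[37], b[37];
    if (gen_uuid_v4(urandom_source, NULL, a) || gen_uuid_v4(urandom_source, NULL, b))
        return -1;
    return uuid_is_v4(a) && uuid_is_v4(b) && strcmp(a, b) != 0;
}

int main(void)
{
    char u[37];
    printf("weak seed predictable across boots: %d\n", weak_source_is_predictable(0x1234u));
    if (gen_uuid_v4(urandom_source, NULL, u) == 0)
        printf("uuid from entropy source: %s\n", u);
    printf("entropy source fresh: %d\n", rng_source_is_fresh());
    return 0;
}
```

The point of returning -1 from gen_uuid_v4 rather than quietly reseeding from the timer is that a missing RNG device should surface as a failure the caller can see, otherwise the platform silently regresses to the predictable behaviour.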