SeedRNG is "sample" copy&pasteable code, meant to be included in various init systems and distros, for correctly seeding the Linux RNG from basic seed files, replacing a pretty diverse set of problematic scripts: git.zx2c4.com/seedrng/about/ git.zx2c4.com/seedrng/tree/s
Kernel itself could be taught to store/load a seed via pstore similar to how it uses it to store kernel logs for retrieval on next boot.
That's a cool idea. Currently the closest thing we have to that is CONFIG_RANDOM_TRUST_BOOTLOADER=y, which leaves it up to the "bootloader" to provide something, somehow. While the BSD bootloaders handle seed files, what this actually amounts to is EFI or OF providing a seed. 1/2
So I suppose the thing to do would be to look at platforms that have working pstore but don't have EFI/OF seeds. Otoh, maybe people would trust pstore'd seeds more than blackbox EFI-provided seeds. An alternative approach would be to teach OSS bootloaders to handle this. 2/2
There are a lot of mobile devices with pstore and no UEFI seed, although they have hardware CSPRNG support. The hardware CSPRNG support is rarely usable in very early boot though and gets initialized in early userspace when it's already too late to take care of some things well.

