On 02 Jan, 2016, at 12:01 EST, Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost> wrote: > Date: Fri, 1 Jan 2016 14:37:53 -0500 > From: Thor Lancelot Simon <tls%panix.com@localhost> > If I do that, we'll get a cpurng entropy source even on CPUs that don't > actually have one. I'd rather not. > > In that case, why not make cpu_rng_init tell the caller whether or not > there is a CPU RNG? It seems to me the CPU feature bits should > determine the presence of the rndsource, not the dynamic behaviour of > the hardware itself. I can't pretend to have been following this terribly close, but isn't "a CPU that claims to have a cpurng entropy source but is lying" kind of a threat model here? (Ala Juniper's recent hoopla.) -- Gabriel Rosenkoetter gr%eclipsed.net@localhost
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail