gcc-plugins: Add latent_entropy plugin

This plugin mitigates the problem of the kernel having too little entropy
during and after boot for generating crypto keys.

It creates a local variable in every marked function. The value of this
variable is modified by randomly chosen operations (add, xor and rol) and
random values (gcc generates them at compile time and the stack pointer
at runtime). The resulting entropy depends on the control flow path (e.g.,
loops and branches taken).

Before the function returns the plugin writes this local variable into the
latent_entropy global variable. The value of this global variable is added
to the kernel entropy pool in do_one_initcall() and _do_fork().

Signed-off-by: Emese Revfy <re.emese@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
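
A hand-instrumented C model of the transformation the commit message describes, added here as an illustration; it is not the plugin's code or its output. The constants, the function `count_digits`, the helper `run_path`, the xor fold into `latent_entropy` and passing the stack pointer as a parameter are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Global accumulator, named as in the commit message. */
static uint64_t latent_entropy;

/* Constructed constants; the plugin has gcc generate random ones at compile time. */
#define INIT_C 0x0123456789abcdefULL
#define ADD_C  0x1111111111111111ULL
#define XOR_C  0x00000000000000ffULL
#define ROL_C  8

static uint64_t rol64(uint64_t v, unsigned r) { return (v << r) | (v >> (64 - r)); }

/* Hypothetical marked function, instrumented by hand. 'sp' stands in for the
 * runtime stack pointer so that a result can be reproduced in a test. */
static unsigned count_digits(const char *s, uint64_t sp)
{
    uint64_t local_entropy = INIT_C ^ sp;          /* entry: constant and sp */
    unsigned digits = 0;

    for (; *s; s++) {
        local_entropy += ADD_C;                    /* loop body executed: add */
        if (*s >= '0' && *s <= '9') {
            local_entropy ^= XOR_C;                /* branch taken: xor */
            digits++;
        } else {
            local_entropy = rol64(local_entropy, ROL_C); /* other branch: rol */
        }
    }
    latent_entropy ^= local_entropy; /* before return; the xor fold is an assumption */
    return digits;
}

/* Reset the global, run one call, return what ended up in latent_entropy. */
static uint64_t run_path(const char *s, uint64_t sp)
{
    latent_entropy = 0;
    count_digits(s, sp);
    return latent_entropy;
}

int main(void)
{
    uint64_t sp = (uint64_t)(uintptr_t)__builtin_frame_address(0);
    printf("digit path:     %016llx\n", (unsigned long long)run_path("1", sp));
    printf("non-digit path: %016llx\n", (unsigned long long)run_path("a", sp));
    return 0;
}
```

Inputs that follow the same branches leave the same value whatever their bytes, so in this model the contribution comes from the path taken and the stack pointer, not from the data processed.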