cc63374a5a
We don't want it to be possible to re-read the RNG seed after ingesting it, because this ruins forward secrecy. Currently, however, the setup data section can just be re-read. Since the kernel is always read after the setup data, use the selection of the kernel as a trigger to re-initialize the RNG seed, just like we do on reboot, to preserve forward secrecy.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220922152847.3670513-1-Jason@zx2c4.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

kvm
xen
acpi-build.c
acpi-build.h
acpi-common.c
acpi-common.h
acpi-microvm.c
acpi-microvm.h
amd_iommu.c
amd_iommu.h
e820_memory_layout.c
e820_memory_layout.h
fw_cfg.c
fw_cfg.h
generic_event_device_x86.c
intel_iommu_internal.h
intel_iommu.c
Kconfig
kvmvapic.c
meson.build
microvm-dt.c
microvm-dt.h
microvm.c
multiboot.c
multiboot.h
pc_piix.c
pc_q35.c
pc_sysfw_ovmf-stubs.c
pc_sysfw_ovmf.c
pc_sysfw.c
pc.c
port92.c
sgx-epc.c
sgx-stub.c
sgx.c
trace-events
trace.h
vmmouse.c
vmport.c
x86-iommu-stub.c
x86-iommu.c
x86.c