
Bug#897572: [PATCH] Revert "random: fix crng_ready() test"



On 07/05/18 15:29, Theodore Y. Ts'o wrote:
> Unfortunately, commit 43838a23a05f is needed to address CVE-2018-1108,
> which was reported by Jann Horn of Google's Project Zero.  There are
> real problems with allowing programs to assume that they have a fully
> initialized cryptographic random number generation when they don't.

Thanks, Ted. I agree with your concerns. I tried to fix urandom to work when crng_init==1 but did not want to touch common code and risk reverting the security fixes.

Laurent, is there a workaround in plymouth space? Why does plymouth need random numbers?

Kind regards,

--
Ben Caradoc-Davies <ben@transient.nz>
Director
Transient Software Limited <https://transient.nz/>
New Zealand

