security things in Linux v4.9
https://outflux.net/blog/archives/2016/12/12/security-things-in-linux-v4-9/ [outflux.net]
2016-12-13 06:07
Not sure I concur with assessment of entropy gathering.
Since the branch and loop ordering is very specific to boot conditions, CPU quirks, memory layout, etc., this provides some additional uncertainty to the kernel’s entropy pool. Since the entropy actually gathered is hard to measure, no entropy is “credited”, but rather used to mix the existing pool further. Probably the best place to enable this plugin is on small devices without other strong sources of entropy.
It’s not a bad idea per se, but small devices without other entropy are also the most likely to have identical CPUs and memory layouts, etc.
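A simplified model of the mechanism the quoted passage describes and of the commenter's objection, added here as an illustration and not code from the blog post or the kernel; the block constants, reset_boot, probe_hardware and the pool struct are constructed stand-ins.

```c
#include <stdint.h>

/* Added illustration, not code from the blog post or the kernel: a simplified
 * model of the latent_entropy GCC plugin's mechanism. The plugin mixes a
 * build-time random constant into a local accumulator in each basic block,
 * folds that accumulator into a global at function exit, and the kernel mixes
 * the global into its pool without crediting any entropy. The constants here
 * are tiny constructed placeholders so the arithmetic can be followed by hand. */

#define BB_ENTRY 1u   /* placeholder for the function-entry block constant */
#define BB_LOOP  5u   /* placeholder for the loop-body block constant */
#define BB_THEN  2u   /* placeholder for the if-branch block constant */
#define BB_ELSE  4u   /* placeholder for the else-branch block constant */

/* Hypothetical stand-in for the kernel's global latent_entropy variable. */
static uint64_t latent_entropy;

/* Hypothetical pool: state plus the entropy the kernel has credited to it. */
struct pool { uint64_t state; unsigned credited_bits; };

void reset_boot(void) { latent_entropy = 0; }   /* models a fresh boot */

/* Control flow driven by "boot conditions": the hypothetical arguments stand
 * in for loop counts and CPU quirks discovered at boot. Each basic block mixes
 * its constant into the local accumulator as the instrumentation would. */
uint64_t probe_hardware(unsigned loops, int quirk)
{
    uint64_t acc = BB_ENTRY;                   /* entry block */
    for (unsigned i = 0; i < loops; i++) {
        acc = acc * 3 + BB_LOOP;               /* loop-body block */
        if (quirk)
            acc ^= BB_THEN;                    /* if-branch block */
        else
            acc ^= BB_ELSE;                    /* else-branch block */
    }
    latent_entropy ^= acc;                     /* function exit: fold into global */
    return acc;
}

/* Models add_latent_entropy(): mixes the global into the pool state but, as
 * the post says, credits nothing, so credited_bits is unchanged. */
struct pool add_latent_entropy(struct pool p)
{
    p.state ^= latent_entropy;
    return p;
}

/* Two boots under identical conditions produce identical contributions, which
 * is exactly the commenter's worry for fleets of identical small devices. */
int identical_boots_collide(unsigned loops, int quirk)
{
    reset_boot();
    uint64_t a = probe_hardware(loops, quirk);
    reset_boot();
    uint64_t b = probe_hardware(loops, quirk);
    return a == b;
}
```

Different boot conditions (loop count or quirk) change the contribution, but identical conditions reproduce it exactly, and the pool's credited entropy never moves.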