gcoguiec
Great article!

> When a new hardware RNG is registered by the kernel, it is used right away to add entropy to the system.

If I understand correctly, the new hwrng will be used immediately if there's no current active hwrng or if the new hwrng quality is greater than the current active one and no userspace hwrng was set [0].

Also the "it is used right away" link is pointing to [1], but I'm wondering if it should not be pointing to [2] instead?

- [0] https://elixir.bootlin.com/linux/v6.11/source/drivers/char/h...

- [1] https://elixir.bootlin.com/linux/v6.11/source/drivers/char/h...

- [2] https://elixir.bootlin.com/linux/v6.11/source/drivers/char/h...

robszumski
If you're looking to run software in a Nitro Enclave but work with it like a docker container or a Kubernetes pod, check out https://github.com/edgebitio/enclaver
sargun
I wish the article actually talked about the interesting nitro enclave specific features more. A lot of it just talks about the basic hardening of a Linux VM and writing secure applications.
stevelacy
> uncovering potential bugs that could compromise even these hardened environments

This seems to be a sensationalized statement. Apart from "trusting a black box" they didn't actually indicate an actual weakness, stating side-channel attacks as the obvious attack vector.

7e
Can these use hardware support like SEV-SNP?
cryptonector
This is a very well-written article full of useful links.
jahrichie
WELL documented and a great read gents.
hdjdjfb
Why is the first section written by AI?