18.09.2019 15:16, Willy Tarreau wrote:
> We've already discussed that point a few times. The issue is that
> bootloaders and/or BIOSes tend to wipe everything. Ideally we should
> let the boot loader collect entropy from the DDR training phase since
> it's a period where noise is observed. It's also the right moment to
> collect some random contents that may lie in the RAM cells.
>
> Similarly asynchronous clocks driving external components can be used
> as well if you can measure their phase with the CPU's clock.

This does not correspond to my own observations. I have a setup where a
secondary key is saved into RAM for unlocking a LUKS container after a
reboot. It is documented by me (sorry, in Russian only) here:
https://habr.com/ru/post/457396/ . I will publish an English translation
in my blog if I get at least one request (in private email, please).

The results so far are:

1. Desktop with MSI Z87I board: works.
2. Lenovo Yoga 2 Pro laptop: works.
3. Server based on the Intel Corporation S1200SPL board (available from
   OVH as EG-32): does not work, memory is cleared.
4. Cheap server based on Gooxi G1SCN-B board (the cheapest thing with
   IPMI available on bacloud.com): works.

So that's 75% of success stories (found at least one page that is
preserved after the "reboot" command) based on my samples.

--
Alexander E. Patrakov