Add code to turn on the entropy harvesting sysctl's as early as possible
during the boot process. We're turning it on by default, based on the actual presence of a configured ethernet card, and/or ppp/tun devices. Of course, it's easy to disable in rc.conf.
This commit is contained in:
parent
1edf3f9bdb
commit
bbee5785ca
@ -332,6 +332,9 @@ entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
|
||||
entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
|
||||
entropy_save_sz="2048" # Size of the entropy cache files.
|
||||
entropy_save_num="8" # Number of entropy cache files to save.
|
||||
harvest_interrupt="YES" # Entropy device harvests interrupt randomness
|
||||
harvest_ethernet="" # Entropy device harvests ethernet randomness
|
||||
harvest_p_to_p="" # Entropy device harvests point-to-point randomness
|
||||
|
||||
##############################################################
|
||||
### Define source_rc_confs, the mechanism used by /etc/rc.* ##
|
||||
|
78
etc/rc
78
etc/rc
@ -107,6 +107,84 @@ chkdepend NFS nfs_server_enable portmap portmap_enable
|
||||
chkdepend NIS nis_server_enable portmap portmap_enable
|
||||
chkdepend NIS nis_client_enable portmap portmap_enable
|
||||
|
||||
# Enable harvesting of entropy via devices. The sooner this happens the
|
||||
# better so that we can take advantage of the boot process.
|
||||
#
|
||||
echo -n 'Entropy harvesting:'
|
||||
|
||||
case ${harvest_interrupt} in
|
||||
[Nn][Oo])
|
||||
;;
|
||||
*)
|
||||
if [ -w /dev/random ]; then
|
||||
/sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null
|
||||
echo -n ' interrupts'
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# Steal some code from rc.network to help determine what to enable.
|
||||
case ${network_interfaces} in
|
||||
[Aa][Uu][Tt][Oo])
|
||||
h_network_interfaces="`ifconfig -l`"
|
||||
;;
|
||||
*)
|
||||
h_network_interfaces="${network_interfaces}"
|
||||
;;
|
||||
esac
|
||||
|
||||
case ${harvest_ethernet} in
|
||||
[Nn][Oo])
|
||||
;;
|
||||
*)
|
||||
do_ether_harvest=''
|
||||
|
||||
for h_ifn in ${h_network_interfaces}; do
|
||||
eval h_ifconfig_args=\$ifconfig_${h_ifn}
|
||||
case ${h_ifconfig_args} in
|
||||
'')
|
||||
;;
|
||||
*)
|
||||
do_ether_harvest=1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -w /dev/random -a "${do_ether_harvest}" ]; then
|
||||
/sbin/sysctl -w kern.random.sys.harvest_ethernet=1 >/dev/null
|
||||
echo -n ' ethernet'
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
case ${harvest_p_to_p} in
|
||||
[Nn][Oo])
|
||||
;;
|
||||
*)
|
||||
do_p_to_p_harvest=''
|
||||
|
||||
# Other than user ppp, tun* will already exist
|
||||
case "${h_network_interfaces}" in
|
||||
*tun0*)
|
||||
do_p_to_p_harvest=1
|
||||
;;
|
||||
esac
|
||||
|
||||
case ${ppp_enable} in
|
||||
[Yy][Ee][Ss])
|
||||
do_p_to_p_harvest=1
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -w /dev/random -a "${do_p_to_p_harvest}" ]; then
|
||||
/sbin/sysctl -w kern.random.sys.harvest_point_to_point=1 >/dev/null
|
||||
echo -n ' point_to_point'
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
echo '.'
|
||||
|
||||
# First pass at reseeding /dev/random.
|
||||
#
|
||||
# XXX temporary until we can get the entropy
|
||||
|
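Review bot: The status line prints ` interrupts`, ` ethernet` and ` point_to_point` regardless of whether the `/sbin/sysctl -w` on the line before it succeeded, so a kernel in which the `kern.random.sys.harvest_*` write fails (or the node is absent) still boots with a console message claiming harvesting is enabled; the `-w /dev/random` test only shows the device node is there (and rc runs as root, so it is effectively an existence check), not that the sysctl took effect. Gate the message on the command's status instead, e.g. `if /sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null; then echo -n ' interrupts'; fi`, and likewise in the ethernet and point_to_point branches. The `[ -w /dev/random -a "${do_ether_harvest}" ]` test (repeated in the p_to_p branch with `do_p_to_p_harvest`) relies on the deprecated `-a` with a possibly empty operand; `[ -w /dev/random ] && [ -n "${do_ether_harvest}" ]` states the intent unambiguously. The added code is top-level in etc/rc rather than inside a function, so the hunk boundaries are the whole block.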