30fc7390d1
gives machine unique values from the firmware. * The kernel is more likely to be unique than /bin/ls (but no need to stuff many megabytes into /dev/random, so hash it). * Change ordering to give larger variance across reboots to reduce predictability.
90 lines
1.8 KiB
Bash
Executable File
90 lines
1.8 KiB
Bash
Executable File
#!/bin/sh
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# PROVIDE: initrandom
|
|
# REQUIRE: dumpon ddb
|
|
# BEFORE: disks
|
|
# KEYWORD: nojail
|
|
|
|
. /etc/rc.subr
|
|
|
|
name="initrandom"
|
|
start_cmd="initrandom_start"
|
|
stop_cmd=":"
|
|
|
|
feed_dev_random()
|
|
{
|
|
if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
|
|
cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
|
|
fi
|
|
}
|
|
|
|
better_than_nothing()
|
|
{
|
|
# XXX temporary until we can improve the entropy
|
|
# harvesting rate.
|
|
# Entropy below is not great, but better than nothing.
|
|
# This unblocks the generator at startup
|
|
# Note: commands are ordered to cause the most variance across reboots.
|
|
( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
|
|
| dd of=/dev/random bs=8k 2>/dev/null
|
|
/sbin/sha256 -q `sysctl -n kern.bootfile` \
|
|
| dd of=/dev/random bs=8k 2>/dev/null
|
|
}
|
|
|
|
initrandom_start()
|
|
{
|
|
soft_random_generator=`sysctl kern.random 2>/dev/null`
|
|
|
|
echo -n 'Entropy harvesting:'
|
|
|
|
if [ \! -z "${soft_random_generator}" ] ; then
|
|
|
|
if [ -w /dev/random ]; then
|
|
if checkyesno harvest_interrupt; then
|
|
${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
|
|
echo -n ' interrupts'
|
|
else
|
|
${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
|
|
fi
|
|
|
|
if checkyesno harvest_ethernet; then
|
|
${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
|
|
echo -n ' ethernet'
|
|
else
|
|
${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
|
|
fi
|
|
|
|
if checkyesno harvest_p_to_p; then
|
|
${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
|
|
echo -n ' point_to_point'
|
|
else
|
|
${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
|
|
fi
|
|
fi
|
|
|
|
# First pass at reseeding /dev/random.
|
|
#
|
|
case ${entropy_file} in
|
|
[Nn][Oo] | '')
|
|
;;
|
|
*)
|
|
if [ -w /dev/random ]; then
|
|
feed_dev_random "${entropy_file}"
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
better_than_nothing
|
|
|
|
echo -n ' kickstart'
|
|
fi
|
|
|
|
echo '.'
|
|
}
|
|
|
|
load_rc_config random
|
|
run_rc_command "$1"
|