diff options
| author | markm <markm@FreeBSD.org> | 2013-10-06 12:43:42 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2013-10-06 12:43:42 +0000 |
| commit | eba8205cfa61df69aa2320349e9bc038fe22416f (patch) | |
| tree | 0a73b6a447ea383c71eff5ab2ff968228ea342ea | |
| parent | 0643acd34d203434b5eee69085ba0e8f884f5ab5 (diff) | |
| download | FreeBSD-src-eba8205cfa61df69aa2320349e9bc038fe22416f.zip FreeBSD-src-eba8205cfa61df69aa2320349e9bc038fe22416f.tar.gz | |
As userland writing to /dev/random is no more, remove the "better than nothing" bootstrap mode.
Add SWI harvesting to the mix.
My box seeds Yarrow by itself in a few seconds! YMMV; more to follow.
| -rw-r--r-- | etc/defaults/rc.conf | 1 | ||||
| -rwxr-xr-x | etc/rc.d/initrandom | 40 |
2 files changed, 7 insertions, 34 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 80f279d..e748dc0 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -651,6 +651,7 @@ entropy_save_num="8" # Number of entropy cache files to save. harvest_interrupt="YES" # Entropy device harvests interrupt randomness harvest_ethernet="YES" # Entropy device harvests ethernet randomness harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness +harvest_swi="YES" # Entropy device harvests internal SWI randomness dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot watchdogd_enable="NO" # Start the software watchdog daemon watchdogd_flags="" # Flags to watchdogd (if enabled) diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom index 4783873..907668b 100755 --- a/etc/rc.d/initrandom +++ b/etc/rc.d/initrandom @@ -14,26 +14,6 @@ name="initrandom" start_cmd="initrandom_start" stop_cmd=":" -feed_dev_random() -{ - if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then - cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null - fi -} - -better_than_nothing() -{ - # XXX temporary until we can improve the entropy - # harvesting rate. - # Entropy below is not great, but better than nothing. - # This unblocks the generator at startup - # Note: commands are ordered to cause the most variance across reboots. - ( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \ - | dd of=/dev/random bs=8k 2>/dev/null - /sbin/sha256 -q `sysctl -n kern.bootfile` \ - | dd of=/dev/random bs=8k 2>/dev/null -} - initrandom_start() { soft_random_generator=`sysctl kern.random 2>/dev/null` @@ -63,23 +43,15 @@ initrandom_start() else ${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null fi - fi - # First pass at reseeding /dev/random. - # - case ${entropy_file} in - [Nn][Oo] | '') - ;; - *) - if [ -w /dev/random ]; then - feed_dev_random "${entropy_file}" + if checkyesno harvest_swi; then + ${SYSCTL} kern.random.sys.harvest.swi=1 >/dev/null + echo -n ' swi' + else + ${SYSCTL} kern.random.sys.harvest.swi=0 >/dev/null fi - ;; - esac - - better_than_nothing + fi - echo -n ' kickstart' fi echo '.' |
