diff options
| author | dougb <dougb@FreeBSD.org> | 2001-03-01 13:19:49 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2001-03-01 13:19:49 +0000 |
| commit | a488c869eddffac7352b85fce60036c065b4e27e (patch) | |
| tree | ad0f1dd8e80b762ead7900da3610f3670fd1599c /etc/rc | |
| parent | e34b063c8f640ab5d69ce191c90efc5cbbc675dd (diff) | |
| download | FreeBSD-src-a488c869eddffac7352b85fce60036c065b4e27e.zip FreeBSD-src-a488c869eddffac7352b85fce60036c065b4e27e.tar.gz | |
Add code to turn on the entropy harvesting sysctl's as early as possible
during the boot process. We're turning it on by default, based on the
actual presence of a configured ethernet card, and/or ppp/tun devices.
Of course, it's easy to disable in rc.conf.
Diffstat (limited to 'etc/rc')
| -rw-r--r-- | etc/rc | 78 |
1 files changed, 78 insertions, 0 deletions
@@ -107,6 +107,84 @@ chkdepend NFS nfs_server_enable portmap portmap_enable chkdepend NIS nis_server_enable portmap portmap_enable chkdepend NIS nis_client_enable portmap portmap_enable +# Enable harvesting of entropy via devices. The sooner this happens the +# better so that we can take advantage of the boot process. +# +echo -n 'Entropy harvesting:' + +case ${harvest_interrupt} in +[Nn][Oo]) + ;; +*) + if [ -w /dev/random ]; then + /sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null + echo -n ' interrupts' + fi + ;; +esac + +# Steal some code from rc.network to help determine what to enable. +case ${network_interfaces} in +[Aa][Uu][Tt][Oo]) + h_network_interfaces="`ifconfig -l`" + ;; +*) + h_network_interfaces="${network_interfaces}" + ;; +esac + +case ${harvest_ethernet} in +[Nn][Oo]) + ;; +*) + do_ether_harvest='' + + for h_ifn in ${h_network_interfaces}; do + eval h_ifconfig_args=\$ifconfig_${h_ifn} + case ${h_ifconfig_args} in + '') + ;; + *) + do_ether_harvest=1 + ;; + esac + done + + if [ -w /dev/random -a "${do_ether_harvest}" ]; then + /sbin/sysctl -w kern.random.sys.harvest_ethernet=1 >/dev/null + echo -n ' ethernet' + fi + ;; +esac + +case ${harvest_p_to_p} in +[Nn][Oo]) + ;; +*) + do_p_to_p_harvest='' + + # Other than user ppp, tun* will already exist + case "${h_network_interfaces}" in + *tun0*) + do_p_to_p_harvest=1 + ;; + esac + + case ${ppp_enable} in + [Yy][Ee][Ss]) + do_p_to_p_harvest=1 + ;; + esac + + if [ -w /dev/random -a "${do_p_to_p_harvest}" ]; then + /sbin/sysctl -w kern.random.sys.harvest_point_to_point=1 >/dev/null + echo -n ' point_to_point' + fi + ;; +esac + +echo '.' + # First pass at reseeding /dev/random. # # XXX temporary until we can get the entropy |
