diff options
| author | dougb <dougb@FreeBSD.org> | 2001-01-11 13:01:20 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2001-01-11 13:01:20 +0000 |
| commit | ed0bc299d087ff5da618344681310644e7401700 (patch) | |
| tree | 6fc043516c0aa470d83378f1879f9a7cb9eee8cc /etc | |
| parent | 9213771385c22cde6b3f126a561bc3a8fe2de7b6 (diff) | |
| download | FreeBSD-src-ed0bc299d087ff5da618344681310644e7401700.zip FreeBSD-src-ed0bc299d087ff5da618344681310644e7401700.tar.gz | |
Add a system to save entropy from /dev/random periodically so that
it can be used to reseed at boot time. This will greatly increase
the chances that there will be sufficient entropy available at
boot time to prevent long delays.
For /etc/rc, remove the vmstat and iostat runs from the attempt
to provide some cheesy randomness if the files fail, since
those programs are dynamically linked, and ldd seems to want
some randomness to do its magic.
Guidance and parameters for this project were provided by
Mark Murray, based on the requirements of the Yarrow
algorithm. Some helpful suggestions for implementation
(including the tip about iostat and vmstat) were provided
by Sheldon Hearn. All blame for problems or mistakes is
mine of course.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/crontab | 3 | ||||
| -rw-r--r-- | etc/defaults/rc.conf | 3 | ||||
| -rw-r--r-- | etc/mtree/BSD.root.dist | 4 | ||||
| -rw-r--r-- | etc/rc | 36 |
4 files changed, 36 insertions, 10 deletions
diff --git a/etc/crontab b/etc/crontab index 784980c..1f0950e 100644 --- a/etc/crontab +++ b/etc/crontab @@ -8,6 +8,9 @@ HOME=/var/log # #minute hour mday month wday who command # +# save some entropy so that /dev/random can reseed on boot +*/3 * * * * operator /usr/libexec/save-entropy +# */5 * * * * root /usr/libexec/atrun # # rotate log files every hour, if necessary diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index b761564..7e3d276 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -324,6 +324,9 @@ start_vinum="" # set to YES to start vinum unaligned_print="YES" # print unaligned access warnings on the alpha (or NO). entropy_file="/entropy" # Set to NO to disable caching entropy through reboots. # /var/db/entropy is preferred if / is not available. +entropy_dir="/.entropy" # Set to NO to disable caching entropy via cron. +entropy_save_sz="2048" # Size of the entropy cache files. +entropy_save_num="8" # Number of entropy cache files to save. ############################################################## ### Define source_rc_confs, the mechanism used by /etc/rc.* ## diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist index e6e9a4d..0fc9833 100644 --- a/etc/mtree/BSD.root.dist +++ b/etc/mtree/BSD.root.dist @@ -5,6 +5,10 @@ /set type=dir uname=root gname=wheel mode=0755 . +/set type=dir uname=operator gname=operator mode=0700 + .entropy + .. +/set type=dir uname=root gname=wheel mode=0755 bin .. boot @@ -102,16 +102,34 @@ chkdepend NIS nis_client_enable portmap portmap_enable # First pass at entropy recovery so the rebooting /dev/random can reseed. # +feed_dev_random() { + if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then + echo "Using ${1} as an entropy file" + cat ${1} > /dev/random 2> /dev/random && + entropy_reseeded=yes + fi +} + case ${entropy_file} in [Nn][Oo] | '') ;; *) if [ -w /dev/random ]; then - if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \ - -s "${entropy_file}" ]; then - echo "Using ${entropy_file} as an entropy file" - cat ${entropy_file} > /dev/random 2> /dev/random - entropy_reseeded=yes + feed_dev_random "${entropy_file}" + fi + ;; +esac + +case ${entropy_dir} in +[Nn][Oo]) + ;; +*) + entropy_dir=${entropy_dir:-/.entropy} + if [ -d "${entropy_dir}" ]; then + if [ -w /dev/random ]; then + for seedfile in ${entropy_dir}/*; do + feed_dev_random "${seedfile}" + done fi fi ;; @@ -219,20 +237,18 @@ yes) if [ -w /dev/random ]; then if [ -f "${entropy_file}" -a -r "${entropy_file}" -a \ -s "${entropy_file}" ]; then - echo "Using ${entropy_file} as an entropy file" - cat ${entropy_file} > /dev/random 2> /dev/random + feed_dev_random "${entropy_file}" elif [ "${entropy_file}" != /var/db/entropy -a \ -f /var/db/entropy -a -r /var/db/entropy -a \ -s /var/db/entropy ]; then - echo 'Using /var/db/entropy as an entropy file' - cat /var/db/entropy > /dev/random 2> /dev/random + feed_dev_random /var/db/entropy else echo "Can't use ${entropy_file} as an entropy file, trying other sources" # XXX temporary until we can get the entropy # harvesting rate up # Entropy below is not great, # but better than nothing. - (ps -gauxwww; iostat; vmstat; sysctl -a; + (ps -gauxwww; sysctl -a; dmesg) | /bin/dd of=/dev/random bs=8k 2>/dev/null ( for i in /etc /var/run ; do cd $i ; ls -al ; cat * |
