author | dougb <dougb@FreeBSD.org> | 2001-03-01 13:19:49 +0000 |
committer | dougb <dougb@FreeBSD.org> | 2001-03-01 13:19:49 +0000 |
commit | a488c869eddffac7352b85fce60036c065b4e27e (patch) | |
tree | ad0f1dd8e80b762ead7900da3610f3670fd1599c /etc | |
parent | e34b063c8f640ab5d69ce191c90efc5cbbc675dd (diff) | |
Add code to turn on the entropy harvesting sysctls as early as possible
during the boot process. We're turning it on by default, based on the
actual presence of a configured ethernet card, and/or ppp/tun devices.
Of course, it's easy to disable in rc.conf.
Diffstat (limited to 'etc')
-rw-r--r-- | etc/defaults/rc.conf | 3 | ||||
-rw-r--r-- | etc/rc | 78 |
2 files changed, 81 insertions, 0 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 0607ba9..47789db 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -332,6 +332,9 @@
 entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
 entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
 entropy_save_sz="2048" # Size of the entropy cache files.
 entropy_save_num="8" # Number of entropy cache files to save.
+harvest_interrupt="YES" # Entropy device harvests interrupt randomness
+harvest_ethernet="" # Entropy device harvests ethernet randomness
+harvest_p_to_p="" # Entropy device harvests point-to-point randomness
 ##############################################################
 ### Define source_rc_confs, the mechanism used by /etc/rc.* ##
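Review bot: The new `harvest_ethernet=""` and `harvest_p_to_p=""` defaults leave the reader guessing what an empty value means, because the companion /etc/rc code in this commit treats every value other than `NO` identically (`YES` and `""` both fall into the `*)` arm and then depend on auto-detection of configured interfaces). The trailing comments should say so, e.g. `harvest_ethernet=""  # Entropy device harvests ethernet randomness; "" or YES = auto-detect, NO = off`, and likewise for `harvest_p_to_p`. `harvest_interrupt="YES"` could similarly note that only `NO` disables it, since any other spelling is accepted as enabled.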
@@ -107,6 +107,84 @@
 chkdepend NFS nfs_server_enable portmap portmap_enable
 chkdepend NIS nis_server_enable portmap portmap_enable
 chkdepend NIS nis_client_enable portmap portmap_enable
+# Enable harvesting of entropy via devices. The sooner this happens the
+# better so that we can take advantage of the boot process.
+#
+echo -n 'Entropy harvesting:'
+
+case ${harvest_interrupt} in
+[Nn][Oo])
+ ;;
+*)
+ if [ -w /dev/random ]; then
+ /sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null
+ echo -n ' interrupts'
+ fi
+ ;;
+esac
+
+# Steal some code from rc.network to help determine what to enable.
+case ${network_interfaces} in
+[Aa][Uu][Tt][Oo])
+ h_network_interfaces="`ifconfig -l`"
+ ;;
+*)
+ h_network_interfaces="${network_interfaces}"
+ ;;
+esac
+
+case ${harvest_ethernet} in
+[Nn][Oo])
+ ;;
+*)
+ do_ether_harvest=''
+
+ for h_ifn in ${h_network_interfaces}; do
+ eval h_ifconfig_args=\$ifconfig_${h_ifn}
+ case ${h_ifconfig_args} in
+ '')
+ ;;
+ *)
+ do_ether_harvest=1
+ ;;
+ esac
+ done
+
+ if [ -w /dev/random -a "${do_ether_harvest}" ]; then
+ /sbin/sysctl -w kern.random.sys.harvest_ethernet=1 >/dev/null
+ echo -n ' ethernet'
+ fi
+ ;;
+esac
+
+case ${harvest_p_to_p} in
+[Nn][Oo])
+ ;;
+*)
+ do_p_to_p_harvest=''
+
+ # Other than user ppp, tun* will already exist
+ case "${h_network_interfaces}" in
+ *tun0*)
+ do_p_to_p_harvest=1
+ ;;
+ esac
+
+ case ${ppp_enable} in
+ [Yy][Ee][Ss])
+ do_p_to_p_harvest=1
+ ;;
+ esac
+
+ if [ -w /dev/random -a "${do_p_to_p_harvest}" ]; then
+ /sbin/sysctl -w kern.random.sys.harvest_point_to_point=1 >/dev/null
+ echo -n ' point_to_point'
+ fi
+ ;;
+esac
+
+echo '.'
+
 # First pass at reseeding /dev/random.
 #
 # XXX temporary until we can get the entropy
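Review bot: Each of the three status messages (`echo -n ' interrupts'`, `' ethernet'`, `' point_to_point'`) is printed whenever `/dev/random` is writable, not when the preceding `/sbin/sysctl -w kern.random.sys.harvest_*=1` actually succeeded, so on a kernel where the random device or these sysctls are missing the boot log claims harvesting is on while sysctl has failed. Gate the message on sysctl's exit status instead, e.g. `if [ -w /dev/random ] && /sbin/sysctl -w kern.random.sys.harvest_interrupt=1 >/dev/null; then echo -n ' interrupts'; fi`, and the same for the other two. The ethernet auto-detection loop walks every name from `ifconfig -l` and sets `do_ether_harvest` for any interface that has an `ifconfig_<ifn>` variable; if `ifconfig_lo0` is set in defaults/rc.conf, as it usually is, that enables ethernet harvesting on every `network_interfaces="auto"` machine whether or not a NIC is present, which does not match the "actual presence of a configured ethernet card" described in the commit message — skipping `lo0` (and other pseudo-interfaces) in the loop would. The `[ -w /dev/random -a "${do_ether_harvest}" ]` tests would also read better as two `[ ]` tests joined by `&&`, since the `-a` form is deprecated and relies on `test` accepting an empty operand.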