1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-19 15:33:56 +00:00
freebsd/etc/rc.d/initrandom
David E. O'Brien 203b2f2fa4 * Rather than run the same 'ps' command twice, add 'kenv' which often
gives machine unique values from the firmware.
* The kernel is more likely to be unique than /bin/ls (but no need to
  stuff many megabytes into /dev/random, so hash it).
* Change ordering to give larger variance across reboots to reduce
  predictability.
2012-09-04 21:47:09 +00:00

90 lines
1.8 KiB
Bash
Executable File

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: initrandom
# REQUIRE: dumpon ddb
# BEFORE: disks
# KEYWORD: nojail
. /etc/rc.subr
name="initrandom"
start_cmd="initrandom_start"
stop_cmd=":"
feed_dev_random()
{
if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
fi
}
better_than_nothing()
{
# XXX temporary until we can improve the entropy
# harvesting rate.
# Entropy below is not great, but better than nothing.
# This unblocks the generator at startup
# Note: commands are ordered to cause the most variance across reboots.
( kenv; dmesg; df -ib; ps -fauxww; date; sysctl -a ) \
| dd of=/dev/random bs=8k 2>/dev/null
/sbin/sha256 -q `sysctl -n kern.bootfile` \
| dd of=/dev/random bs=8k 2>/dev/null
}
initrandom_start()
{
soft_random_generator=`sysctl kern.random 2>/dev/null`
echo -n 'Entropy harvesting:'
if [ \! -z "${soft_random_generator}" ] ; then
if [ -w /dev/random ]; then
if checkyesno harvest_interrupt; then
${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
echo -n ' interrupts'
else
${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
fi
if checkyesno harvest_ethernet; then
${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
echo -n ' ethernet'
else
${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
fi
if checkyesno harvest_p_to_p; then
${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
echo -n ' point_to_point'
else
${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
fi
fi
# First pass at reseeding /dev/random.
#
case ${entropy_file} in
[Nn][Oo] | '')
;;
*)
if [ -w /dev/random ]; then
feed_dev_random "${entropy_file}"
fi
;;
esac
better_than_nothing
echo -n ' kickstart'
fi
echo '.'
}
load_rc_config random
run_rc_command "$1"