Commit
Re-add carrying on random seed between boots
This provides extra security for applications that blindly read from
/dev/urandom on boot without it being properly seeded first, which is a
concern for our Pine, as it generates relatively little entropy during
early boot.

In addition, if some misbehaved application thereafter insists on
reading from /dev/random, it will virtually have an endless supply of
random data via haveged.

However, applications concerned with good random numbers should use the
getrandom system call instead of the arguably badly designed /dev/random
and /dev/urandom interfaces, so these kinds of workarounds would be
unnecessary.
AlexTMjugador committed Sep 24, 2020
1 parent 1a1a94a commit 72b3fdd
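The commit message recommends the getrandom system call over blind reads of /dev/urandom. The following is an added example (not code from this repository or its author) showing, from an application's side, how to probe whether the kernel's random pool is seeded and how to obtain bytes that are guaranteed to come from a seeded pool. It assumes Linux with Python 3.6+ (`os.getrandom` and `os.GRND_NONBLOCK`); on other platforms it falls back to `os.urandom`, and the helper names `entropy_pool_ready` and `secure_random_bytes` are my own.

```python
import os

# os.GRND_NONBLOCK exists on Linux builds of Python 3.6+; the numeric value
# 0x0001 is the kernel constant and is only a fallback for the probe below.
GRND_NONBLOCK = getattr(os, "GRND_NONBLOCK", 0x0001)


def entropy_pool_ready():
    """Probe whether the kernel CRNG has been seeded.

    Returns True if getrandom(2) would return immediately, False if the pool
    is not yet initialized (EAGAIN), or None when getrandom is unavailable
    (non-Linux platform), so the caller can decide how to handle each case.
    """
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return None
    try:
        # A non-blocking 1-byte request fails with EAGAIN while unseeded.
        getrandom(1, GRND_NONBLOCK)
    except BlockingIOError:
        return False
    return True


def secure_random_bytes(n):
    """Return n random bytes drawn only after the CRNG is seeded.

    With flags=0, getrandom(2) blocks until the kernel pool is initialized,
    which is exactly the guarantee an early read of /dev/urandom lacks.
    Where getrandom is missing (assumption: non-Linux), os.urandom is used.
    """
    if n < 0:
        raise ValueError("n must be non-negative")
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return os.urandom(n)
    out = bytearray()
    # getrandom may return fewer bytes than requested (e.g. requests > 256
    # bytes can be interrupted by a signal), so loop until n bytes are read.
    while len(out) < n:
        out += getrandom(n - len(out))
    return bytes(out)


if __name__ == "__main__":
    print("pool ready:", entropy_pool_ready())
    print("32 seeded bytes:", secure_random_bytes(32).hex())
```

On a board like the one this commit targets, `entropy_pool_ready()` returning False early in boot is the symptom the seed-restore script and haveged are meant to shorten; an application that calls `secure_random_bytes` instead of opening /dev/urandom simply waits for the pool rather than silently consuming unseeded output.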
Showing 3 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions board/common/linux.config
@@ -603,6 +603,7 @@ CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC=y
CONFIG_BOOTPARAM_HUNG_TASK_PANIC=y
CONFIG_WQ_WATCHDOG=y
# CONFIG_DEBUG_PREEMPT is not set
CONFIG_WARN_ALL_UNSEEDED_RANDOM=y
CONFIG_BUG_ON_DATA_CORRUPTION=y
CONFIG_LATENCYTOP=y
# CONFIG_FTRACE is not set
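Review bot: CONFIG_WARN_ALL_UNSEEDED_RANDOM only makes the kernel log a warning for every unseeded random read; it does not make /dev/urandom block or otherwise change what applications receive, so it is a diagnostic aid for the problem the commit message describes, not a mitigation of it. It is worth saying so in the commit message, and noting that the warnings can be noisy in dmesg on a board that seeds late, so the logs should be reviewed once the seed-restore script is in place to confirm the early unseeded reads actually disappear.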
3 changes: 2 additions & 1 deletion board/pinetainer/post-build.sh
@@ -1,7 +1,8 @@
#!/bin/sh

# Tweak network, dnsmasq, udev and haveged start order
# Tweak network, dnsmasq, udev, haveged and urandom seed storage start order
mv "${1:?}/etc/init.d/S40network" "${1:?}/etc/init.d/S03network.sh" 2>/dev/null || true
mv "${1:?}/etc/init.d/S20urandom" "${1:?}/etc/init.d/S01urandom.sh" 2>/dev/null || true
mv "${1:?}/etc/init.d/S80dnsmasq" "${1:?}/etc/init.d/S10dnsmasq.sh" 2>/dev/null || true
mv "${1:?}/etc/init.d/S10udev" "${1:?}/etc/init.d/S90udev.sh" 2>/dev/null || true
mv "${1:?}/etc/init.d/S21haveged" "${1:?}/etc/init.d/S01haveged.sh" 2>/dev/null || true
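Review bot: after this rename, S01urandom.sh and S01haveged.sh share the S01 prefix, so their relative order is decided alphabetically (haveged first, then the urandom seed restore); the comment should state that this ordering is intended. S01 also runs very early, so please confirm that the filesystem holding the saved seed is already mounted read-write at that point, otherwise the restore silently finds nothing and the seed is never written back at shutdown. Finally, `2>/dev/null || true` hides a failed rename (for example if the urandom package is not built), so a missing S20urandom would go unnoticed; consider dropping the `|| true` for this line so the build fails loudly.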
1 change: 0 additions & 1 deletion configs/pinetainer_defconfig
@@ -128,7 +128,6 @@ BR2_PACKAGE_TCPDUMP=y
BR2_PACKAGE_UACME=y
BR2_PACKAGE_UACME_UALPN=y
BR2_PACKAGE_WGET=y
# BR2_PACKAGE_URANDOM_SCRIPTS is not set
BR2_PACKAGE_AT=y
BR2_PACKAGE_LOGROTATE=y
BR2_PACKAGE_QPRINT=y
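Review bot: deleting the `# BR2_PACKAGE_URANDOM_SCRIPTS is not set` line enables the package only by falling back to its Kconfig default, which the hunk does not show; an explicit `BR2_PACKAGE_URANDOM_SCRIPTS=y` would make the intent visible in the defconfig and protect it if that default changes in a future Buildroot release. The commit message should also mention that this is the package whose S20urandom script the post-build.sh change renames, since the two changes only make sense together.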

0 comments on commit 72b3fdd