* [PATCH 0/3] rng-tools fixes and enhancements
@ 2017-07-10 19:37 Jan Kiszka
2017-07-10 19:37 ` [PATCH 1/3] rng-tools: Start as early as possible Jan Kiszka
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jan Kiszka @ 2017-07-10 19:37 UTC (permalink / raw)
To: openembedded-core
See patches for details.
Jan Kiszka (3):
rng-tools: Start as early as possible
rng-tools: Don't use /dev/urandom as rngd default source
rng-tools: Add support for Atheros 9170 hwrng
meta/recipes-support/rng-tools/rng-tools/default | 11 +++++++++--
meta/recipes-support/rng-tools/rng-tools/init | 3 +++
meta/recipes-support/rng-tools/rng-tools_5.bb | 2 +-
3 files changed, 13 insertions(+), 3 deletions(-)
--
2.12.3
* [PATCH 1/3] rng-tools: Start as early as possible
2017-07-10 19:37 [PATCH 0/3] rng-tools fixes and enhancements Jan Kiszka
@ 2017-07-10 19:37 ` Jan Kiszka
2017-07-10 19:37 ` [PATCH 2/3] rng-tools: Don't use /dev/urandom as rngd default source Jan Kiszka
2017-07-10 19:37 ` [PATCH 3/3] rng-tools: Add support for Atheros 9170 hwrng Jan Kiszka
2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2017-07-10 19:37 UTC (permalink / raw)
To: openembedded-core
From: Jan Kiszka <jan.kiszka@siemens.com>
This helps systems with little architectural entropy to initialize the
random pool earlier. We just need to wait for udev so that drivers have
been probed already.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
meta/recipes-support/rng-tools/rng-tools_5.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/rng-tools/rng-tools_5.bb b/meta/recipes-support/rng-tools/rng-tools_5.bb
index de6e5f9a76..ba5076204c 100644
--- a/meta/recipes-support/rng-tools/rng-tools_5.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_5.bb
@@ -41,4 +41,4 @@ do_install_append() {
}
INITSCRIPT_NAME = "rng-tools"
-INITSCRIPT_PARAMS = "start 30 2 3 4 5 . stop 30 0 6 1 ."
+INITSCRIPT_PARAMS = "start 05 S 0 6 . stop 30 0 6 1 ."
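Review bot: in the new INITSCRIPT_PARAMS value the start list reads "S 0 6" while the stop list still contains "0 6", so runlevels 0 and 6 appear on both the start and the stop side. If the intent is only to start during rcS, "start 05 S . stop 30 0 6 1 ." says that without the overlap. The commit message notes that the daemon has to come after udev; a one-line comment above INITSCRIPT_PARAMS recording that priority 05 was chosen relative to udev would keep that ordering from being broken silently by a later change.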
--
2.12.3
* [PATCH 2/3] rng-tools: Don't use /dev/urandom as rngd default source
2017-07-10 19:37 [PATCH 0/3] rng-tools fixes and enhancements Jan Kiszka
2017-07-10 19:37 ` [PATCH 1/3] rng-tools: Start as early as possible Jan Kiszka
@ 2017-07-10 19:37 ` Jan Kiszka
2017-07-10 19:37 ` [PATCH 3/3] rng-tools: Add support for Atheros 9170 hwrng Jan Kiszka
2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2017-07-10 19:37 UTC (permalink / raw)
To: openembedded-core
From: Jan Kiszka <jan.kiszka@siemens.com>
Big no-no when you want to have more than a toy device, so let's not
make this a default. See also https://lwn.net/Articles/525459.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
meta/recipes-support/rng-tools/rng-tools/default | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
index 7aede9be03..b968f2b789 100644
--- a/meta/recipes-support/rng-tools/rng-tools/default
+++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -1,3 +1,6 @@
# Specify rng device
-#RNG_DEVICE=/dev/hwrng
-RNG_DEVICE=/dev/urandom
+RNG_DEVICE=/dev/hwrng
+
+# Don't use urandom as source unless you fully understood what that does to
+# your system security!
+#RNG_DEVICE=/dev/urandom
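Review bot: with RNG_DEVICE=/dev/hwrng as the only uncommented default, the hunk leaves open what happens on targets that have no hardware RNG driver and therefore no /dev/hwrng node; neither this file nor the commit message says whether the init script skips rngd or lets it fail. Please state the expected behaviour in the comment, or have the init script check for the device before starting the daemon. The warning above the commented-out urandom line would also carry more weight if it gave the reason in one line (the commit message already cites the LWN article, which could be referenced here), and "fully understood" should read "fully understand".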
--
2.12.3
* [PATCH 3/3] rng-tools: Add support for Atheros 9170 hwrng
2017-07-10 19:37 [PATCH 0/3] rng-tools fixes and enhancements Jan Kiszka
2017-07-10 19:37 ` [PATCH 1/3] rng-tools: Start as early as possible Jan Kiszka
2017-07-10 19:37 ` [PATCH 2/3] rng-tools: Don't use /dev/urandom as rngd default source Jan Kiszka
@ 2017-07-10 19:37 ` Jan Kiszka
2 siblings, 0 replies; 4+ messages in thread
From: Jan Kiszka @ 2017-07-10 19:37 UTC (permalink / raw)
To: openembedded-core
From: Jan Kiszka <jan.kiszka@siemens.com>
Useful only on devices with no other sources: USB WLAN sticks based on
the Atheros 9170 (carl9170 kernel driver) provide a hardware random
generator. However, the interface needs to be up in order to use the
generator. That's not the case until ifup has run, but wpa_supplicant will
block this until the random pool is initialized.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
meta/recipes-support/rng-tools/rng-tools/default | 4 ++++
meta/recipes-support/rng-tools/rng-tools/init | 3 +++
2 files changed, 7 insertions(+)
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
index b968f2b789..85c5833a32 100644
--- a/meta/recipes-support/rng-tools/rng-tools/default
+++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -4,3 +4,7 @@ RNG_DEVICE=/dev/hwrng
# Don't use urandom as source unless you fully understood what that does to
# your system security!
#RNG_DEVICE=/dev/urandom
+
+# Specify wlan interface to enable if rngd should use Atheros 9170 as source.
+# See kernel config help for the security limitations of this.
+#CARL9170_HWRNG_INTERFACE="wlan0"
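Review bot: the comment above CARL9170_HWRNG_INTERFACE points to "kernel config help" without naming the option, so someone reading the installed defaults file has nothing to search for; please name the Kconfig symbol (CARL9170_HWRNG) or summarise the limitation in one line. It is also worth saying here that setting this variable makes the rng-tools init script bring the interface up itself, ahead of the normal network scripts, since that side effect is not obvious from the variable name.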
diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init
index 7cf78393a4..30cfc0f3d5 100644
--- a/meta/recipes-support/rng-tools/rng-tools/init
+++ b/meta/recipes-support/rng-tools/rng-tools/init
@@ -20,6 +20,9 @@ fi
case "$1" in
start)
echo -n "Starting random number generator daemon"
+ if [ -n "$CARL9170_HWRNG_INTERFACE" ]; then
+ ip link set $CARL9170_HWRNG_INTERFACE up
+ fi
start-stop-daemon -S -q -x $rngd $EXTRA_ARGS
echo "."
;;
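Review bot: in the start) branch, $CARL9170_HWRNG_INTERFACE is expanded unquoted in the "ip link set" call and the command's exit status is ignored, so if the interface does not exist yet at this point in boot, start-stop-daemon runs regardless and nothing is reported. Quote the variable ("$CARL9170_HWRNG_INTERFACE") and emit a warning when the call fails. Any output from ip will also land in the middle of the "Starting random number generator daemon" line because the block sits after the echo -n; moving it above the echo avoids that. The hunk adds nothing to the stop path, so the interface stays up after rngd is stopped; if that is intended, note it in the defaults file.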
--
2.12.3