* [PATCH 0/3] rng-tools fixes and enhancements
@ 2017-07-10 19:37 Jan Kiszka
2017-07-10 19:37 ` [PATCH 1/3] rng-tools: Start as early as possible Jan Kiszka
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Jan Kiszka @ 2017-07-10 19:37 UTC
To: openembedded-core
See patches for details.
Jan Kiszka (3):
rng-tools: Start as early as possible
rng-tools: Don't use /dev/urandom as rngd default source
rng-tools: Add support for Atheros 9170 hwrng
meta/recipes-support/rng-tools/rng-tools/default | 11 +++++++++--
meta/recipes-support/rng-tools/rng-tools/init | 3 +++
meta/recipes-support/rng-tools/rng-tools_5.bb | 2 +-
3 files changed, 13 insertions(+), 3 deletions(-)
--
2.12.3
* [PATCH 1/3] rng-tools: Start as early as possible
From: Jan Kiszka @ 2017-07-10 19:37 UTC
To: openembedded-core
From: Jan Kiszka <jan.kiszka@siemens.com>
This helps systems with little architectural entropy to initialize the
random pool earlier. We just need to wait for udev so that drivers have
been probed already.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
meta/recipes-support/rng-tools/rng-tools_5.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-support/rng-tools/rng-tools_5.bb b/meta/recipes-support/rng-tools/rng-tools_5.bb
index de6e5f9a76..ba5076204c 100644
--- a/meta/recipes-support/rng-tools/rng-tools_5.bb
+++ b/meta/recipes-support/rng-tools/rng-tools_5.bb
@@ -41,4 +41,4 @@ do_install_append() {
}
INITSCRIPT_NAME = "rng-tools"
-INITSCRIPT_PARAMS = "start 30 2 3 4 5 . stop 30 0 6 1 ."
+INITSCRIPT_PARAMS = "start 05 S 0 6 . stop 30 0 6 1 ."
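Review bot: In the new INITSCRIPT_PARAMS value, runlevels 0 and 6 appear in both the start list ('start 05 S 0 6 .') and the stop list ('stop 30 0 6 1 .'), so the script is asked to start and stop rngd in the same halt and reboot runlevels. If the intent is only to start early in S, 'start 05 S . stop 30 0 6 1 .' expresses that. The commit message says the daemon has to come after udev; a comment next to the value stating that 05 was chosen to sort after the udev script would keep a later renumbering from silently breaking that ordering.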
--
2.12.3
* [PATCH 2/3] rng-tools: Don't use /dev/urandom as rngd default source
From: Jan Kiszka @ 2017-07-10 19:37 UTC
To: openembedded-core
From: Jan Kiszka <jan.kiszka@siemens.com>
Big no-no when you want to have more than a toy device, so let's not
make this a default. See also https://lwn.net/Articles/525459.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
meta/recipes-support/rng-tools/rng-tools/default | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
index 7aede9be03..b968f2b789 100644
--- a/meta/recipes-support/rng-tools/rng-tools/default
+++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -1,3 +1,6 @@
# Specify rng device
-#RNG_DEVICE=/dev/hwrng
-RNG_DEVICE=/dev/urandom
+RNG_DEVICE=/dev/hwrng
+
+# Don't use urandom as source unless you fully understood what that does to
+# your system security!
+#RNG_DEVICE=/dev/urandom
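Review bot: The warning comment added above '#RNG_DEVICE=/dev/urandom' says not to use urandom but not why, so someone whose board has no /dev/hwrng cannot judge the trade-off from this file alone. Put the reason, or the LWN link from the commit message, into the comment, and change 'understood' to 'understand'. With 'RNG_DEVICE=/dev/hwrng' now the active default, it is also worth stating how the init script behaves when that device node does not exist, since this hunk does not show that path.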
--
2.12.3
* [PATCH 3/3] rng-tools: Add support for Atheros 9170 hwrng
From: Jan Kiszka @ 2017-07-10 19:37 UTC
To: openembedded-core
From: Jan Kiszka <jan.kiszka@siemens.com>
Useful only on devices with no other sources: USB WLAN sticks based on
the Atheros 9170 (carl9170 kernel driver) provide a hardware random
generator. However, the interface needs to be up in order to use the
generator. That's not the case until ifup ran, but wpa_supplicant will
block this until the random pool is initialized.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
---
meta/recipes-support/rng-tools/rng-tools/default | 4 ++++
meta/recipes-support/rng-tools/rng-tools/init | 3 +++
2 files changed, 7 insertions(+)
diff --git a/meta/recipes-support/rng-tools/rng-tools/default b/meta/recipes-support/rng-tools/rng-tools/default
index b968f2b789..85c5833a32 100644
--- a/meta/recipes-support/rng-tools/rng-tools/default
+++ b/meta/recipes-support/rng-tools/rng-tools/default
@@ -4,3 +4,7 @@ RNG_DEVICE=/dev/hwrng
# Don't use urandom as source unless you fully understood what that does to
# your system security!
#RNG_DEVICE=/dev/urandom
+
+# Specify wlan interface to enable if rngd should use Atheros 9170 as source.
+# See kernel config help for the security limitations of this.
+#CARL9170_HWRNG_INTERFACE="wlan0"
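Review bot: The comment above '#CARL9170_HWRNG_INTERFACE="wlan0"' points to 'kernel config help' without naming the option, so a reader of this file cannot find the text it refers to. Name the Kconfig symbol and summarise the security limitation in one line here. The comment should also say that this variable only brings the interface up, and that RNG_DEVICE still has to point at the hardware RNG device for rngd to read from the stick.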
diff --git a/meta/recipes-support/rng-tools/rng-tools/init b/meta/recipes-support/rng-tools/rng-tools/init
index 7cf78393a4..30cfc0f3d5 100644
--- a/meta/recipes-support/rng-tools/rng-tools/init
+++ b/meta/recipes-support/rng-tools/rng-tools/init
@@ -20,6 +20,9 @@ fi
case "$1" in
start)
echo -n "Starting random number generator daemon"
+ if [ -n "$CARL9170_HWRNG_INTERFACE" ]; then
+ ip link set $CARL9170_HWRNG_INTERFACE up
+ fi
start-stop-daemon -S -q -x $rngd $EXTRA_ARGS
echo "."
;;
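Review bot: In the start branch, 'ip link set $CARL9170_HWRNG_INTERFACE up' expands the variable unquoted and ignores the exit status, so a value containing whitespace is split into extra ip arguments, and a missing interface (for example a USB stick not yet enumerated this early in boot) fails without any message before rngd is started. Quote the expansion and report a failure of the ip call before continuing to start-stop-daemon. Nothing in this hunk brings the link back down on stop; say in the commit message or a comment whether leaving the interface up is intended.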
--
2.12.3