The RNG can't actually be seeded from a shell script, due to the reliance on ioctls. For this reason, the seedrng project provides a basic script meant to be copy and pasted into projects like OpenWRT and tweaked as needed: <https://git.zx2c4.com/seedrng/about/>. This commit imports it into the urandom-seed package and wires up the init scripts to call it.

This also is a significant improvement over the current init script, which does not robustly handle cleaning up of seeds and syncing to prevent reuse. Additionally, the existing script creates a new seed immediately after writing an old one, which means that the amount of entropy might actually regress, due to failing to credit the old seed.

Closes: https://github.com/openwrt/openwrt/issues/9570
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[fixed missing INSTALL_DIR]
12 lines
310 B
Text
```sh
# Write a message to the kernel log, prefixed with the package name.
log_urandom_seed() {
	echo "urandom-seed: $1" > /dev/kmsg
}

do_urandom_seed() {
	[ -c /dev/urandom ] || { log_urandom_seed "Something is wrong with /dev/urandom"; return; }
	# Forward every line seedrng prints (stdout and stderr) to the kernel log.
	seedrng 2>&1 | while read -r line; do
		log_urandom_seed "$line"
	done
}

# Run the seeding step during preinit.
boot_hook_add preinit_main do_urandom_seed
```
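The commit message's two points (seeding needs an ioctl, and a stored seed must be removed and synced before use so it cannot be reused) can be seen in a short C sketch. This is an added example, not code from this commit or from seedrng; `consume_seed`, `fill_request`, `struct seed_req` and `SEED_MAX` are hypothetical names.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define SEED_MAX 512 /* assumed upper bound for this example */
/* Same layout as the kernel's struct rand_pool_info, with a fixed-size buffer. */
struct seed_req { int entropy_count; int buf_size; unsigned char buf[SEED_MAX]; };

/* Read the seed, then unlink it and fsync the directory BEFORE it is used, so a
 * crash can never leave a seed on disk that was already fed to the RNG.
 * Returns the seed length, or -1 if that could not be guaranteed. */
ssize_t consume_seed(const char *dir, const char *name, unsigned char *out, size_t cap)
{
    int dfd = open(dir, O_DIRECTORY | O_RDONLY);
    if (dfd < 0) return -1;
    int fd = openat(dfd, name, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, out, cap);
    if (fd >= 0) close(fd);
    if (n <= 0 || unlinkat(dfd, name, 0) < 0 || fsync(dfd) < 0) n = -1;
    close(dfd);
    return n;
}

/* Build the RNDADDENTROPY request. Returns the bits to be credited, or -1. */
int fill_request(struct seed_req *req, const unsigned char *seed, size_t len, int credit)
{
    if (len > SEED_MAX) return -1;
    req->entropy_count = credit ? (int)len * 8 : 0;
    req->buf_size = (int)len;
    memcpy(req->buf, seed, len);
    return req->entropy_count;
}

int main(int argc, char **argv)
{
    unsigned char seed[SEED_MAX];
    struct seed_req req;
    if (argc != 3) { fprintf(stderr, "usage: %s SEED_DIR SEED_FILE\n", argv[0]); return 2; }
    ssize_t n = consume_seed(argv[1], argv[2], seed, sizeof seed);
    if (n < 0 || fill_request(&req, seed, (size_t)n, 1) < 0) return 1;
    int rng = open("/dev/urandom", O_RDONLY);
    /* The ioctl needs CAP_SYS_ADMIN; this is the step a shell script cannot do. */
    if (rng < 0 || ioctl(rng, RNDADDENTROPY, &req) < 0) { perror("RNDADDENTROPY"); return 1; }
    return 0;
}
```

Writing the same bytes to `/dev/urandom` with `write()` would mix them in without crediting any entropy, which is why the request carries an explicit `entropy_count`.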