From patchwork Wed Apr 29 19:33:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 3029 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 49C7wC4zr9z3xSR for ; Wed, 29 Apr 2020 19:33:15 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 49C7wB1Zffz28p; Wed, 29 Apr 2020 19:33:14 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 49C7w96fFhz2xq0; Wed, 29 Apr 2020 19:33:13 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 49C7w83cRvz2yLG for ; Wed, 29 Apr 2020 19:33:12 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 49C7w75bjDz1Sx; Wed, 29 Apr 2020 19:33:11 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1588188791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e3deFRrcQIQQXApbM8uREVOMNPBG0+bwfDZkz1oQq7c=; b=rrekYLZYdbAUk39t1DoTlwfDwUiKx1QkhLBLFWZWiu9sv5lb0rw/jIA2R1KPNsnEM13Gr/ qSVe7UCNWI6By+DQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1588188791; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=e3deFRrcQIQQXApbM8uREVOMNPBG0+bwfDZkz1oQq7c=; b=QtVD/Jyx576PqahWtbX6uoKaVQeU0pmJbfR/4kkmM0472W8cl6kHno/TT7OQRH9SPKGW+f 7b7tIio3XHdzNMJsBYScZ5ufSneJG37ME/PVl4g8oY2Y7tPjS7vjtwCJU2vDvYCtLKP/Hq 5DZy1nuVQaIv6u/PCPsuoUPNP/Md58D99Z+t1b8wsFF7pkUZyZQ6sV5Tkx4slvv0Lh78c/ fVZmsmTH7aAnGdUtAUYZfmzsoPBWRTHeFIwd/8rIiQMWVx2erOg2WUreb//pC3EzJxrgPU U7ttlTUDL9OgKyMhM8Htj9fUV/Ao09J1i6akwXyv0ROsLleT1Ka4fL2nhUCy5w== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH 1/2] random: Launch rngd earlier in the boot process Date: Wed, 29 Apr 2020 19:33:03 +0000 Message-Id: <20200429193304.21404-2-michael.tremer@ipfire.org> In-Reply-To: <20200429193304.21404-1-michael.tremer@ipfire.org> References: <20200429193304.21404-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" We should initialise the kernel's PRNG as early as we can. Starting rngd very early will seed the random number generator when RDRAND or other hardware random number generators are available. Signed-off-by: Michael Tremer --- config/rootfiles/common/aarch64/initscripts | 2 +- config/rootfiles/common/armv5tel/initscripts | 2 +- config/rootfiles/common/i586/initscripts | 2 +- config/rootfiles/common/x86_64/initscripts | 2 +- lfs/initscripts | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts index 54f6f92a3..d6f13224a 100644 --- a/config/rootfiles/common/aarch64/initscripts +++ b/config/rootfiles/common/aarch64/initscripts @@ -193,6 +193,7 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig @@ -200,7 +201,6 @@ etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index 54f6f92a3..d6f13224a 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -193,6 +193,7 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S73swconfig @@ -200,7 +201,6 @@ etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index b32efd786..2db7f1aa3 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -192,13 +192,13 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts index b32efd786..2db7f1aa3 100644 --- a/config/rootfiles/common/x86_64/initscripts +++ b/config/rootfiles/common/x86_64/initscripts @@ -192,13 +192,13 @@ etc/rc.d/rcsysinit.d/S44smt etc/rc.d/rcsysinit.d/S45udev_retry etc/rc.d/rcsysinit.d/S50cleanfs etc/rc.d/rcsysinit.d/S60setclock +etc/rc.d/rcsysinit.d/S65rngd etc/rc.d/rcsysinit.d/S70console etc/rc.d/rcsysinit.d/S71pakfire etc/rc.d/rcsysinit.d/S74cloud-init etc/rc.d/rcsysinit.d/S75firstsetup etc/rc.d/rcsysinit.d/S80localnet etc/rc.d/rcsysinit.d/S85firewall -etc/rc.d/rcsysinit.d/S92rngd #etc/sysconfig etc/sysconfig/createfiles etc/sysconfig/firewall.local diff --git a/lfs/initscripts b/lfs/initscripts index 37ca5cd3f..ba6c9f913 100644 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -173,13 +173,13 @@ $(TARGET) : ln -sf ../init.d/setclock /etc/rc.d/rcsysinit.d/S60setclock ln -sf ../init.d/setclock /etc/rc.d/rc0.d/K47setclock ln -sf ../init.d/setclock /etc/rc.d/rc6.d/K47setclock + ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S65rngd ln -sf ../init.d/console /etc/rc.d/rcsysinit.d/S70console ln -sf ../init.d/pakfire /etc/rc.d/rcsysinit.d/S71pakfire ln -sf ../init.d/cloud-init /etc/rc.d/rcsysinit.d/S74cloud-init ln -sf ../init.d/firstsetup /etc/rc.d/rcsysinit.d/S75firstsetup ln -sf ../init.d/localnet /etc/rc.d/rcsysinit.d/S80localnet ln -sf ../init.d/firewall /etc/rc.d/rcsysinit.d/S85firewall - ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S92rngd ln -sf ../init.d/vnstat /etc/rc.d/rc3.d/S01vnstat ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat