diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Makefile | 10 | ||||
| -rw-r--r-- | cpio_list.txt | 1 | ||||
| -rw-r--r-- | init | 2 | ||||
| -rw-r--r-- | load-random-seed.c | 65 |
5 files changed, 75 insertions, 4 deletions
@@ -3,4 +3,5 @@ /gen_init_cpio /initramfs.d /initramfs.img +/load-random-seed /modules.sh @@ -1,10 +1,12 @@ +CFLAGS += -Wall -Wextra + all: initramfs.img -initramfs.img: gen_init_cpio dropbear_ed25519_host_key modules.sh +initramfs.img: gen_init_cpio load-random-seed dropbear_ed25519_host_key modules.sh ./make -gen_init_cpio: gen_init_cpio.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) gen_init_cpio.c -o $@ +%: %.c + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@ dropbear_ed25519_host_key: dropbearkey -t ed25519 -f $@ @@ -20,7 +22,7 @@ install: initramfs.img mv /boot/initramfs.img.new /boot/initramfs.img clean: - rm -f initramfs.img initramfs.d gen_init_cpio + rm -f initramfs.img initramfs.d gen_init_cpio load-random-seed -include initramfs.d diff --git a/cpio_list.txt b/cpio_list.txt index f0c7b7c..740e1d8 100644 --- a/cpio_list.txt +++ b/cpio_list.txt @@ -45,6 +45,7 @@ file /etc/passwd ./passwd 0644 0 0 file /etc/motd ./motd 0644 0 0 file /lib64/libnss_files.so.2 /lib64/libnss_files.so.2 0755 0 0 file /root/.ssh/authorized_keys ./authorized_keys 0600 0 0 +file /sbin/load-random-seed ./load-random-seed 0755 0 0 file /sbin/unlock ./unlock 0755 0 0 file /usr/share/udhcpc/default.script /usr/share/udhcpc/default.script 0755 0 0 file /var/log/lastlog /dev/null 0644 0 0 @@ -13,6 +13,8 @@ mount -t devpts devpts /dev/pts /etc/modules.sh || exit +load-random-seed /sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + ( ip link set eth0 up udhcpc -i eth0 diff --git a/load-random-seed.c b/load-random-seed.c new file mode 100644 index 0000000..491afba --- /dev/null +++ b/load-random-seed.c @@ -0,0 +1,65 @@ +#include <fcntl.h> +#include <limits.h> +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/ioctl.h> +#include <unistd.h> + +// musl forbids include/linux +#define RNDADDENTROPY _IOW( 'R', 0x03, int [2] ) + +#define RAND_POOL_SIZE 512 + +int main(int argc, char *argv[]) { + if (argc != 2) { + fputs("usage: load-random-seed FILE\n", stderr); + exit(1); + } + + int seed_fd = open(argv[1], O_RDONLY); + if (seed_fd == -1) { + perror("error opening seed file"); + exit(1); + } + struct { + int entropy_count; + int buf_size; + char buf[RAND_POOL_SIZE]; + } rpi = { + .entropy_count = RAND_POOL_SIZE * CHAR_BIT, + .buf_size = RAND_POOL_SIZE + }; + size_t sz = 0; + do { + ssize_t r = read(seed_fd, &rpi.buf[sz], RAND_POOL_SIZE - sz); + if (r == -1) { + perror("error reading seed file"); + exit(1); + } + sz += r; + } while (sz < RAND_POOL_SIZE); + + if (close(seed_fd) == -1) { + perror("error closing seed file"); + exit(1); + } + + int urandom_fd = open("/dev/urandom", O_RDWR); + if (urandom_fd == -1) { + perror("error opening /dev/urandom"); + exit(1); + } + if (ioctl(urandom_fd, RNDADDENTROPY, &rpi) == -1) { + perror("error adding entropy"); + exit(1); + } + if (close(urandom_fd) == -1) { + perror("error closing /dev/urandom"); + exit(1); + } + + return 0; +} |