-rw-r--r--.gitignore1
-rw-r--r--Makefile10
-rw-r--r--cpio_list.txt1
-rw-r--r--init2
-rw-r--r--load-random-seed.c65
5 files changed, 75 insertions, 4 deletions
diff --git a/.gitignore b/.gitignore
index b50d433..d915069 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@
/gen_init_cpio
/initramfs.d
/initramfs.img
+/load-random-seed
/modules.sh
diff --git a/Makefile b/Makefile
index f36ca69..b82a41e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,12 @@
+CFLAGS += -Wall -Wextra
+
all: initramfs.img
-initramfs.img: gen_init_cpio dropbear_ed25519_host_key modules.sh
+initramfs.img: gen_init_cpio load-random-seed dropbear_ed25519_host_key modules.sh
./make
-gen_init_cpio: gen_init_cpio.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) gen_init_cpio.c -o $@
+%: %.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@
dropbear_ed25519_host_key:
dropbearkey -t ed25519 -f $@
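Review bot: The new pattern rule `%: %.c` places `$(LDFLAGS)` before the source file and leaves no slot for `$(LDLIBS)`, which is where `-l` libraries conventionally go; the usual ordering is `$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $< $(LDLIBS) -o $@`. The `CFLAGS += -Wall -Wextra` added at the top is silently dropped whenever someone runs `make CFLAGS=...`, so if the warnings are meant to be mandatory, `override CFLAGS += -Wall -Wextra` keeps them regardless of the command line. Note also that `%: %.c` is a match-anything pattern rule: any target without an explicit recipe for which a `.c` file exists will now be built by it, which is presumably the intent for both `gen_init_cpio` and `load-random-seed`.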
@@ -20,7 +22,7 @@ install: initramfs.img
mv /boot/initramfs.img.new /boot/initramfs.img
clean:
- rm -f initramfs.img initramfs.d gen_init_cpio
+ rm -f initramfs.img initramfs.d gen_init_cpio load-random-seed
-include initramfs.d
diff --git a/cpio_list.txt b/cpio_list.txt
index f0c7b7c..740e1d8 100644
--- a/cpio_list.txt
+++ b/cpio_list.txt
@@ -45,6 +45,7 @@ file /etc/passwd ./passwd 0644 0 0
file /etc/motd ./motd 0644 0 0
file /lib64/libnss_files.so.2 /lib64/libnss_files.so.2 0755 0 0
file /root/.ssh/authorized_keys ./authorized_keys 0600 0 0
+file /sbin/load-random-seed ./load-random-seed 0755 0 0
file /sbin/unlock ./unlock 0755 0 0
file /usr/share/udhcpc/default.script /usr/share/udhcpc/default.script 0755 0 0
file /var/log/lastlog /dev/null 0644 0 0
diff --git a/init b/init
index 706de93..503d689 100644
--- a/init
+++ b/init
@@ -13,6 +13,8 @@ mount -t devpts devpts /dev/pts
/etc/modules.sh || exit
+load-random-seed /sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+
(
ip link set eth0 up
udhcpc -i eth0
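Review bot: The new `load-random-seed` line discards its exit status, whereas the `/etc/modules.sh` line just above it uses `|| exit`; on a non-EFI boot, or if efivarfs is not mounted by this point (the mount lines are outside the hunk), the program prints an error and returns 1 and boot simply continues, which may well be intended but is not documented. If best-effort is the intent, a comment such as `# best-effort: only present on EFI boots whose loader sets LoaderRandomSeed` makes that explicit. Separately, files under efivarfs start with a 4-byte attributes word before the variable payload, and load-random-seed.c reads a fixed RAND_POOL_SIZE bytes from offset 0, so the first four bytes credited as entropy are variable flags rather than seed data and the variable must carry at least RAND_POOL_SIZE - 4 bytes of payload for the read to complete; skipping those four bytes (e.g. an `lseek` or a discarded 4-byte read before the loop) would be worth confirming against the actual variable size.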
diff --git a/load-random-seed.c b/load-random-seed.c
new file mode 100644
index 0000000..491afba
--- /dev/null
+++ b/load-random-seed.c
@@ -0,0 +1,65 @@
+#include <fcntl.h>
+#include <limits.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <unistd.h>
+
+// musl forbids include/linux
+#define RNDADDENTROPY _IOW( 'R', 0x03, int [2] )
+
+#define RAND_POOL_SIZE 512
+
+int main(int argc, char *argv[]) {
+ if (argc != 2) {
+ fputs("usage: load-random-seed FILE\n", stderr);
+ exit(1);
+ }
+
+ int seed_fd = open(argv[1], O_RDONLY);
+ if (seed_fd == -1) {
+ perror("error opening seed file");
+ exit(1);
+ }
+ struct {
+ int entropy_count;
+ int buf_size;
+ char buf[RAND_POOL_SIZE];
+ } rpi = {
+ .entropy_count = RAND_POOL_SIZE * CHAR_BIT,
+ .buf_size = RAND_POOL_SIZE
+ };
+ size_t sz = 0;
+ do {
+ ssize_t r = read(seed_fd, &rpi.buf[sz], RAND_POOL_SIZE - sz);
+ if (r == -1) {
+ perror("error reading seed file");
+ exit(1);
+ }
+ sz += r;
+ } while (sz < RAND_POOL_SIZE);
+
+ if (close(seed_fd) == -1) {
+ perror("error closing seed file");
+ exit(1);
+ }
+
+ int urandom_fd = open("/dev/urandom", O_RDWR);
+ if (urandom_fd == -1) {
+ perror("error opening /dev/urandom");
+ exit(1);
+ }
+ if (ioctl(urandom_fd, RNDADDENTROPY, &rpi) == -1) {
+ perror("error adding entropy");
+ exit(1);
+ }
+ if (close(urandom_fd) == -1) {
+ perror("error closing /dev/urandom");
+ exit(1);
+ }
+
+ return 0;
+}
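Review bot: The read loop `do { … } while (sz < RAND_POOL_SIZE);` never handles `r == 0`: a seed file shorter than RAND_POOL_SIZE bytes reaches EOF, `sz` stops advancing, and the loop spins forever instead of failing, which on this init path would hang boot rather than report a bad seed. EOF should be treated as an error (or, if a shorter seed is acceptable, `rpi.buf_size` and `rpi.entropy_count` should be derived from the bytes actually read rather than from the constant), and `r` should be cast before it is added to `sz`. Separately, `entropy_count` credits the kernel with `RAND_POOL_SIZE * CHAR_BIT` bits unconditionally, i.e. every byte of the file is assumed to be fully random; a short header comment stating where the seed is expected to come from and why full credit is justified would help the next reader judge that assumption.
```c
	size_t sz = 0;
	while (sz < RAND_POOL_SIZE) {
		ssize_t r = read(seed_fd, &rpi.buf[sz], RAND_POOL_SIZE - sz);
		if (r == -1) {
			perror("error reading seed file");
			exit(1);
		}
		if (r == 0) {
			/* EOF before RAND_POOL_SIZE bytes: refuse rather than credit a short or zero-padded seed */
			fprintf(stderr, "seed file too short: got %zu of %d bytes\n", sz, RAND_POOL_SIZE);
			exit(1);
		}
		sz += (size_t)r;
	}
	/* … unchanged: close(seed_fd), /dev/urandom open, RNDADDENTROPY ioctl … */
```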