From 0d8f101483cbc72261514806da2df7c0bfad88f7 Mon Sep 17 00:00:00 2001
From: "Alex Xu (Hello71)"
Date: Sun, 19 Jul 2020 07:39:22 -0400
Subject: add load-random-seed
---
 .gitignore | 1 +
 Makefile | 10 +++++----
 cpio_list.txt | 1 +
 init | 2 ++
 load-random-seed.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 75 insertions(+), 4 deletions(-)
 create mode 100644 load-random-seed.c
diff --git a/.gitignore b/.gitignore
index b50d433..d915069 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,5 @@
 /gen_init_cpio
 /initramfs.d
 /initramfs.img
+/load-random-seed
 /modules.sh
diff --git a/Makefile b/Makefile
index f36ca69..b82a41e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,10 +1,12 @@
+CFLAGS += -Wall -Wextra
+
 all: initramfs.img
-initramfs.img: gen_init_cpio dropbear_ed25519_host_key modules.sh
+initramfs.img: gen_init_cpio load-random-seed dropbear_ed25519_host_key modules.sh
 ./make
-gen_init_cpio: gen_init_cpio.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) gen_init_cpio.c -o $@
+%: %.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) $< -o $@
 dropbear_ed25519_host_key:
 dropbearkey -t ed25519 -f $@
@@ -20,7 +22,7 @@ install: initramfs.img
 mv /boot/initramfs.img.new /boot/initramfs.img
 clean:
- rm -f initramfs.img initramfs.d gen_init_cpio
+ rm -f initramfs.img initramfs.d gen_init_cpio load-random-seed
 -include initramfs.d
diff --git a/cpio_list.txt b/cpio_list.txt
index f0c7b7c..740e1d8 100644
--- a/cpio_list.txt
+++ b/cpio_list.txt
@@ -45,6 +45,7 @@ file /etc/passwd ./passwd 0644 0 0
 file /etc/motd ./motd 0644 0 0
 file /lib64/libnss_files.so.2 /lib64/libnss_files.so.2 0755 0 0
 file /root/.ssh/authorized_keys ./authorized_keys 0600 0 0
+file /sbin/load-random-seed ./load-random-seed 0755 0 0
 file /sbin/unlock ./unlock 0755 0 0
 file /usr/share/udhcpc/default.script /usr/share/udhcpc/default.script 0755 0 0
 file /var/log/lastlog /dev/null 0644 0 0
diff --git a/init b/init
index 706de93..503d689 100644
--- a/init
+++ b/init
@@ -13,6 +13,8 @@ mount -t devpts devpts /dev/pts
 /etc/modules.sh || exit
+load-random-seed /sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+
 (
 ip link set eth0 up
 udhcpc -i eth0
diff --git a/load-random-seed.c b/load-random-seed.c
new file mode 100644
index 0000000..491afba
--- /dev/null
+++ b/load-random-seed.c
@@ -0,0 +1,65 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+// musl forbids include/linux
+#define RNDADDENTROPY _IOW( 'R', 0x03, int [2] )
+
+#define RAND_POOL_SIZE 512
+
+int main(int argc, char *argv[]) {
+ if (argc != 2) {
+ fputs("usage: load-random-seed FILE\n", stderr);
+ exit(1);
+ }
+
+ int seed_fd = open(argv[1], O_RDONLY);
+ if (seed_fd == -1) {
+ perror("error opening seed file");
+ exit(1);
+ }
+ struct {
+ int entropy_count;
+ int buf_size;
+ char buf[RAND_POOL_SIZE];
+ } rpi = {
+ .entropy_count = RAND_POOL_SIZE * CHAR_BIT,
+ .buf_size = RAND_POOL_SIZE
+ };
+ size_t sz = 0;
+ do {
+ ssize_t r = read(seed_fd, &rpi.buf[sz], RAND_POOL_SIZE - sz);
+ if (r == -1) {
+ perror("error reading seed file");
+ exit(1);
+ }
+ sz += r;
+ } while (sz < RAND_POOL_SIZE);
+
+ if (close(seed_fd) == -1) {
+ perror("error closing seed file");
+ exit(1);
+ }
+
+ int urandom_fd = open("/dev/urandom", O_RDWR);
+ if (urandom_fd == -1) {
+ perror("error opening /dev/urandom");
+ exit(1);
+ }
+ if (ioctl(urandom_fd, RNDADDENTROPY, &rpi) == -1) {
+ perror("error adding entropy");
+ exit(1);
+ }
+ if (close(urandom_fd) == -1) {
+ perror("error closing /dev/urandom");
+ exit(1);
+ }
+
+ return 0;
+}
-- cgit v1.2.3-70-g09d2
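Review bot: The exit status of the new `load-random-seed` call is ignored, unlike `/etc/modules.sh || exit` directly above it, so when the LoaderRandomSeed variable is absent or unreadable the script prints an error and continues with nothing credited to the kernel pool. If that best-effort behaviour is intended, state it next to the call, for example `# best effort: boot continues unseeded when the loader exported no seed`. The helper also runs synchronously at this point, so any stall inside it blocks every later step of the script, whose remainder lies outside this hunk.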
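Review bot: The read loop in `main` never terminates when the seed file holds fewer than RAND_POOL_SIZE bytes, because `read()` returns 0 at end of file, `sz += r` adds nothing and `while (sz < RAND_POOL_SIZE)` keeps spinning; since init calls this helper in the foreground, a short seed would hang the boot. The credited amount is also hard-coded as `RAND_POOL_SIZE * CHAR_BIT`, so once EOF is handled `buf_size` and `entropy_count` have to follow the number of bytes actually read, otherwise the kernel is told to credit bits that were never supplied. Files under efivarfs start with a four-byte attribute word, which as written would be counted as seed material; whether to skip it is worth deciding explicitly. A sketch of the loop with EOF handling and a credit derived from `sz` follows.

```c
	size_t sz = 0;
	while (sz < RAND_POOL_SIZE) {
		ssize_t r = read(seed_fd, &rpi.buf[sz], RAND_POOL_SIZE - sz);
		if (r == -1) {
			perror("error reading seed file");
			exit(1);
		}
		if (r == 0)
			break; /* EOF: the seed is shorter than the pool buffer */
		sz += (size_t)r;
	}
	if (sz == 0) {
		fputs("error: seed file is empty\n", stderr);
		exit(1);
	}
	/* credit only the bytes that were actually read */
	rpi.buf_size = (int)sz;
	rpi.entropy_count = (int)(sz * CHAR_BIT);
	// … unchanged: close seed_fd, open /dev/urandom, RNDADDENTROPY ioctl …
```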