[arch-projects] [PATCH initscripts 0/4] allow random seed to be loaded before cryptsetup
From: Matthew Monaco <matthew.monaco@0x01b.net>

The ultimate goal here is FS#17131. I couldn't quite tell the best approach in some places from looking at the existing code because there's a little bit of everything. For example, I define RANDOM_SEED in functions, but use it in rc.sysinit. Is this ok for variables?

I wanted to keep the status text in rc.sysinit. Is this worthwhile? Can/Should it go within the function?

Matthew Monaco (4):
  functions: new funcs for random seed handling
  init/shutdown: use {load,store}_random_seed()
  rc.sysinit: load seed before cryptsetup (FS#17131)
  rc.sysinit: store random seed after loading

 functions   | 21 +++++++++++++++++++++
 rc.shutdown | 13 +------------
 rc.sysinit  | 14 ++++++++++----
 3 files changed, 32 insertions(+), 16 deletions(-)

-- 
1.7.9.4
From: Matthew Monaco <matthew.monaco@0x01b.net> The differences compared to the existing inline implementation are: - can use cat again for loading - the calculated pool size can be local - quote file names... can't hurt --- functions | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/functions b/functions index f8a7acd..183971a 100644 --- a/functions +++ b/functions @@ -529,6 +529,27 @@ bootlogd_stop() { -e 's/\^\[(\[1?[0-9][0-9]|%)G//g' -e 's/\^\[\[0;1//g' /var/log/boot } +RANDOM_SEED=/var/lib/misc/random-seed +RANDOM_POOL_FILE=/proc/sys/kernel/random/poolsize + +load_random_seed() { + if [[ -f "$RANDOM_SEED" ]]; then + cat "$RANDOM_SEED" > /dev/urandom + fi +} + +store_random_seed() { + local pool_size + install -TDm 0600 /dev/null "$RANDOM_SEED" + if [[ -r "$RANDOM_POOL_FILE" ]]; then + read pool_size < "$RANDOM_POOL_FILE" + (( pool_size /= 8 )) + else + pool_size=512 + fi + dd if=/dev/urandom of="$RANDOM_SEED" count=1 bs=$pool_size &> /dev/null +} + ############################### # Custom hooks in initscripts # ############################### -- 1.7.9.4
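Review bot: load_random_seed tests the seed file with -f but then reads it with cat, so an existing but unreadable file produces a cat error on the console instead of a clean skip; test with -r (or keep -f and add -r). Both functions would also benefit from a comment on what they rely on: writing the saved bytes to /dev/urandom mixes them into the pool but the kernel does not credit them as entropy, and store_random_seed depends on `install -TDm 0600 /dev/null "$RANDOM_SEED"` creating the file with restrictive permissions before dd writes into it, which is the right order but not obvious. The `&> /dev/null` on dd discards the error text while dd's exit status still becomes the function's return value, so a failed save reaches the caller only as a bare failure with no reason logged.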
From: Matthew Monaco <matthew.monaco@0x01b.net> --- rc.shutdown | 13 +------------ rc.sysinit | 5 +---- 2 files changed, 2 insertions(+), 16 deletions(-) diff --git a/rc.shutdown b/rc.shutdown index 54a1e9a..433a945 100755 --- a/rc.shutdown +++ b/rc.shutdown @@ -19,18 +19,7 @@ run_hook shutdown_start stop_all_daemons -stat_busy "Saving Random Seed" - RANDOM_SEED=/var/lib/misc/random-seed - install -TDm 0600 /dev/null $RANDOM_SEED - POOL_FILE=/proc/sys/kernel/random/poolsize - if [[ -r $POOL_FILE ]]; then - read POOL_SIZE < $POOL_FILE - (( POOL_SIZE /= 8 )) - else - POOL_SIZE=512 - fi - dd if=/dev/urandom of=$RANDOM_SEED count=1 bs=$POOL_SIZE &>/dev/null -stat_done +status "Saving Random Seed" store_random_seed [[ $TIMEZONE ]] && status "Configuring Time Zone" set_timezone "$TIMEZONE" diff --git a/rc.sysinit b/rc.sysinit index 9880995..d3cda23 100755 --- a/rc.sysinit +++ b/rc.sysinit @@ -215,10 +215,7 @@ status "Activating Swap" swapon -a [[ $TIMEZONE ]] && status "Configuring Time Zone" set_timezone "$TIMEZONE" -RANDOM_SEED=/var/lib/misc/random-seed -[[ -f $RANDOM_SEED ]] && - status "Initializing Random Seed" \ - cp $RANDOM_SEED /dev/urandom +status "Initializing Random Seed" load_random_seed # Remove leftover files remove_leftover -- 1.7.9.4
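Review bot: in the rc.sysinit hunk the removed code printed "Initializing Random Seed" only when the seed file existed, but the replacement `status "Initializing Random Seed" load_random_seed` runs unconditionally, so on a first boot or after the seed file has been removed the status line is shown and reported as done although load_random_seed did nothing. Keep the `[[ -f $RANDOM_SEED ]] &&` guard at the call site, or have load_random_seed return non-zero when the file is absent so that status reflects the outcome. The rc.shutdown hunk is a straight move into store_random_seed; switching from stat_busy/stat_done to status also means a failed dd is now reported, which is an improvement worth mentioning in the commit message.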
From: Matthew Monaco <matthew.monaco@0x01b.net> --- rc.sysinit | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/rc.sysinit b/rc.sysinit index d3cda23..7b9c344 100755 --- a/rc.sysinit +++ b/rc.sysinit @@ -90,6 +90,13 @@ udevd_modprobe sysinit # Activate LVM2 groups if any activate_vgs +if [[ -f "$RANDOM_SEED" ]]; then + status "Initializing Random Seed" load_random_seed + RANDOM_SEED_LOADED=1 +else + RANDOM_SEED_LOADED=0 +fi + # Set up non-root encrypted partition mappings if [[ -f /etc/crypttab && $CS ]] && grep -q ^[^#] /etc/crypttab; then stat_busy "Unlocking encrypted volumes:" @@ -215,7 +222,7 @@ status "Activating Swap" swapon -a [[ $TIMEZONE ]] && status "Configuring Time Zone" set_timezone "$TIMEZONE" -status "Initializing Random Seed" load_random_seed +(( $RANDOM_SEED_LOADED )) || status "Initializing Random Seed" load_random_seed # Remove leftover files remove_leftover -- 1.7.9.4
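Review bot: RANDOM_SEED_LOADED=1 is set whenever the file exists, not whenever load_random_seed succeeded, so if the early load fails (for example when only a stale copy of the file exists under a mount point for a filesystem that is mounted later) the second attempt at the old location is skipped. Set the flag from the result instead, e.g. `status "Initializing Random Seed" load_random_seed && RANDOM_SEED_LOADED=1`, with RANDOM_SEED_LOADED=0 before the if. The `$` in `(( $RANDOM_SEED_LOADED ))` is unnecessary inside (( )), where the bare name is expanded. Also add a comment above the early block stating that this is a best-effort load before cryptsetup with the original call further down as the fallback, since that intent currently lives only in the commit message and the mailing-list discussion.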
From: Matthew Monaco <matthew.monaco@0x01b.net> This will prevent the system from booting with a previous seed in case rc.shutdown was not run for whatever reason. --- rc.sysinit | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rc.sysinit b/rc.sysinit index 7b9c344..aff48bf 100755 --- a/rc.sysinit +++ b/rc.sysinit @@ -224,6 +224,8 @@ status "Activating Swap" swapon -a (( $RANDOM_SEED_LOADED )) || status "Initializing Random Seed" load_random_seed +status "Saving Random Seed" store_random_seed + # Remove leftover files remove_leftover -- 1.7.9.4
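Review bot: the reason for this hunk (never reuse a seed after an unclean shutdown) is only in the commit message; put a one-line comment above `status "Saving Random Seed" store_random_seed` so the load-then-immediately-save sequence in rc.sysinit is not mistaken for a leftover and removed later. Since store_random_seed creates and writes /var/lib/misc/random-seed with install and dd, this also requires /var to be writable at this point in rc.sysinit; if it is still mounted read-only the status line will report a failure, which is acceptable but should be stated.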
Hi Matthew, On Wed, Mar 14, 2012 at 1:27 AM, Matthew Monaco <dgbaley27@0x01b.net> wrote:
The ultimate goal here is FS#17131. I couldn't quite tell the best approach in some places from looking at the existing code because there's a little bit of everything.
Thanks for the patches. I'll just make some high-level remarks and I'll look at the details later: Patches 1, 2 and 4 look good in principle. However, patch 3 (implementing the FS) has an issue (which is the reason this has not been implemented yet). That is, it will not work as expected if /var is encrypted. In my opinion the proper solution for this is to split the crypttab handling into two parts: one that does not use /dev/urandom and one that does (which should be done after the random seed has been initialized). I know that Dave has been looking into refactoring the crypttab stuff, and hopefully that should make it much easier to make this happen.
I wanted to keep the status text in rc.sysinit. Is this worthwhile?
I think that is a good idea wherever possible. -t
On 03/13/2012 07:46 PM, Tom Gundersen wrote:
Hi Matthew,
On Wed, Mar 14, 2012 at 1:27 AM, Matthew Monaco <dgbaley27@0x01b.net> wrote:
The ultimate goal here is FS#17131. I couldn't quite tell the best approach in some places from looking at the existing code because there's a little bit of everything.
Thanks for the patches. I'll just make some high-level remarks and I'll look at the details later:
Patches 1, 2 and 4 look good in principle.
However, patch 3 (implementing the FS) has an issue (which is the reason this has not been implemented yet). That is, it will not work as expected if /var is encrypted.
This is why prior to cryptsetup is just an attempt. If that isn't possible, then it's still performed in the same spot as before.
In my opinion the proper solution for this is to split the crypttab handling into two parts: one that does not use /dev/urandom and one that does (which should be done after the random seed has been initialized). I know that Dave has been looking into refactoring the crypttab stuff, and hopefully that should make it much easier to make this happen.
Yes, it'd be nice to run cryptsetup on as much as possible early, and then use volumes with a major/minor 1/{8,9} later.
I wanted to keep the status text in rc.sysinit. Is this worthwhile?
I think that is a good idea wherever possible.
-t
On Wed, Mar 14, 2012 at 1:53 AM, Matthew Monaco <dgbaley27@0x01b.net> wrote:
On 03/13/2012 07:46 PM, Tom Gundersen wrote:
However, patch 3 (implementing the FS) has an issue (which is the reason this has not been implemented yet). That is, it will not work as expected if /var is encrypted.
This is why prior to cryptsetup is just an attempt. If that isn't possible, then it's still performed in the same spot as before.
Yeah, your approach is strictly speaking better than what we have now, and if there was no other way I'd go with it. However, since it still leaves out one use case (encrypted /var + encrypted swap) that can be fixed by reshuffling the crypttab stuff a bit, I'd rather we do that. -t