From 31116110ff0090324a568ce2aba6519a860d66b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Thu, 11 Jul 2019 10:50:40 +0200
Subject: [PATCH] rngd: new module running early during boot to help generating
entropy when system's default entropy sources are poor (e.g. use of SSD disks
or UEFI RNG not available)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On systems with low entropy at boot, the boot can take up to several
hours, especially when NBDE is used (e.g. clevis), which makes use of
the random number generator.
Enabling rngd service at boot early, because dracut-initqueue runs,
enables to initialize the random number generator in a couple of seconds
instead of minutes or hours.
Signed-off-by: Renaud Métrich <rmetrich@redhat.com>
(cherry picked from commit adee5b97bc5418b6e357342bb3be20568668aa55)
Resolves: #1726617
---
modules.d/06rngd/module-setup.sh | 39 +++++++++++++++++++++++++++++++++++++++
modules.d/06rngd/rngd.service | 7 +++++++
2 files changed, 46 insertions(+)
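diff --git a/modules.d/06rngd/module-setup.sh b/modules.d/06rngd/module-setup.sh
new file mode 100644
index 00000000..43d5c2d3
--- /dev/null
+++ b/modules.d/06rngd/module-setup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
+#
+# Copyright (c) 2019 Red Hat, Inc.
+# Author: Renaud Métrich <rmetrich@redhat.com>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+depends() {
+ echo systemd
+ return 0
+}
+
+check() {
+ # if there's no rngd binary, no go.
+ require_binaries rngd || return 1
+
+ return 0
+}
+
+install() {
+ inst rngd
+ inst_simple "${moddir}/rngd.service" "${systemdsystemunitdir}/rngd.service"
+ mkdir -p "${initdir}${systemdsystemunitdir}/sysinit.target.wants"
+ ln -rfs "${initdir}${systemdsystemunitdir}/rngd.service" \
+ "${initdir}${systemdsystemunitdir}/sysinit.target.wants/rngd.service"
+}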
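Review bot: `check()` returns 0 as soon as an rngd binary exists on the build host, so every initramfs generated there starts a root daemon that feeds the kernel entropy pool, even when the administrator never enabled rngd on the installed system. Returning 255 (dracut's "only when requested or depended on" value) or testing host state in hostonly mode would make that an explicit choice; if default-on is intended, say so in a comment such as `# included whenever rngd is installed: seeds the kernel RNG before clevis/NBDE needs it`. In `install()`, `inst rngd` copies only the binary and the libraries it links against, and no rngd configuration; if rngd loads an entropy-source library at run time (not visible in this patch), that source would be missing from the initramfs without any error at build time.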
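diff --git a/modules.d/06rngd/rngd.service b/modules.d/06rngd/rngd.service
new file mode 100644
index 00000000..570fbedb
--- /dev/null
+++ b/modules.d/06rngd/rngd.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Hardware RNG Entropy Gatherer Daemon
+DefaultDependencies=no
+Before=systemd-udevd.service
+
+[Service]
+ExecStart=/usr/sbin/rngd -f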
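Review bot: `ExecStart=/usr/sbin/rngd -f` relies on rngd's built-in source selection, so which entropy sources are credited to the kernel pool this early in boot is left implicit, even though the commit message names key-dependent consumers (clevis/NBDE). A comment above `[Service]` stating which sources are expected to exist in the initramfs, and what happens if none is found, would make this auditable. The daemon also runs as root with no confinement; adding `NoNewPrivileges=yes` and a `CapabilityBoundingSet=` limited to what rngd needs is worth evaluating, after confirming the required capabilities against rngd itself. The hard-coded `/usr/sbin/rngd` path has to match where `inst rngd` places the binary, which this unit cannot guarantee on its own.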