Let the kernel hwrng thread manage hw_random mixing.
This has been something the kernel does automatically since 2014, so there's no obvious reason to add extra work during boot to duplicate that effort. Bug: http://b/179086242 Test: treehugger Change-Id: I44cce99a892e4f2a6a303c2126bd29f955f5fb23
This commit is contained in:
Elliott Hughes
parent
3ce24b87a2
commit
eedd38a82a
3 changed files with 0 additions and 59 deletions
|
|
@ -902,7 +902,6 @@ int SecondStageMain(int argc, char** argv) {
|
||||||
am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done");
|
am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done");
|
||||||
am.QueueBuiltinAction(TransitionSnapuserdAction, "TransitionSnapuserd");
|
am.QueueBuiltinAction(TransitionSnapuserdAction, "TransitionSnapuserd");
|
||||||
// ... so that we can start queuing up actions that require stuff from /dev.
|
// ... so that we can start queuing up actions that require stuff from /dev.
|
||||||
am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
|
|
||||||
am.QueueBuiltinAction(SetMmapRndBitsAction, "SetMmapRndBits");
|
am.QueueBuiltinAction(SetMmapRndBitsAction, "SetMmapRndBits");
|
||||||
Keychords keychords;
|
Keychords keychords;
|
||||||
am.QueueBuiltinAction(
|
am.QueueBuiltinAction(
|
||||||
|
|
@ -918,10 +917,6 @@ int SecondStageMain(int argc, char** argv) {
|
||||||
// Trigger all the boot actions to get us started.
|
// Trigger all the boot actions to get us started.
|
||||||
am.QueueEventTrigger("init");
|
am.QueueEventTrigger("init");
|
||||||
|
|
||||||
// Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random
|
|
||||||
// wasn't ready immediately after wait_for_coldboot_done
|
|
||||||
am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
|
|
||||||
|
|
||||||
// Don't mount filesystems or start core system services in charger mode.
|
// Don't mount filesystems or start core system services in charger mode.
|
||||||
std::string bootmode = GetProperty("ro.bootmode", "");
|
std::string bootmode = GetProperty("ro.bootmode", "");
|
||||||
if (bootmode == "charger") {
|
if (bootmode == "charger") {
|
||||||
|
|
|
||||||
|
|
@ -36,59 +36,6 @@ using android::base::SetProperty;
|
||||||
namespace android {
|
namespace android {
|
||||||
namespace init {
|
namespace init {
|
||||||
|
|
||||||
// Writes 512 bytes of output from Hardware RNG (/dev/hw_random, backed
|
|
||||||
// by Linux kernel's hw_random framework) into Linux RNG's via /dev/urandom.
|
|
||||||
// Does nothing if Hardware RNG is not present.
|
|
||||||
//
|
|
||||||
// Since we don't yet trust the quality of Hardware RNG, these bytes are not
|
|
||||||
// mixed into the primary pool of Linux RNG and the entropy estimate is left
|
|
||||||
// unmodified.
|
|
||||||
//
|
|
||||||
// If the HW RNG device /dev/hw_random is present, we require that at least
|
|
||||||
// 512 bytes read from it are written into Linux RNG. QA is expected to catch
|
|
||||||
// devices/configurations where these I/O operations are blocking for a long
|
|
||||||
// time. We do not reboot or halt on failures, as this is a best-effort
|
|
||||||
// attempt.
|
|
||||||
Result<void> MixHwrngIntoLinuxRngAction(const BuiltinArguments&) {
|
|
||||||
unique_fd hwrandom_fd(
|
|
||||||
TEMP_FAILURE_RETRY(open("/dev/hw_random", O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
|
|
||||||
if (hwrandom_fd == -1) {
|
|
||||||
if (errno == ENOENT) {
|
|
||||||
LOG(INFO) << "/dev/hw_random not found";
|
|
||||||
// It's not an error to not have a Hardware RNG.
|
|
||||||
return {};
|
|
||||||
}
|
|
||||||
return ErrnoError() << "Failed to open /dev/hw_random";
|
|
||||||
}
|
|
||||||
|
|
||||||
unique_fd urandom_fd(
|
|
||||||
TEMP_FAILURE_RETRY(open("/dev/urandom", O_WRONLY | O_NOFOLLOW | O_CLOEXEC)));
|
|
||||||
if (urandom_fd == -1) {
|
|
||||||
return ErrnoError() << "Failed to open /dev/urandom";
|
|
||||||
}
|
|
||||||
|
|
||||||
char buf[512];
|
|
||||||
size_t total_bytes_written = 0;
|
|
||||||
while (total_bytes_written < sizeof(buf)) {
|
|
||||||
ssize_t chunk_size =
|
|
||||||
TEMP_FAILURE_RETRY(read(hwrandom_fd, buf, sizeof(buf) - total_bytes_written));
|
|
||||||
if (chunk_size == -1) {
|
|
||||||
return ErrnoError() << "Failed to read from /dev/hw_random";
|
|
||||||
} else if (chunk_size == 0) {
|
|
||||||
return Error() << "Failed to read from /dev/hw_random: EOF";
|
|
||||||
}
|
|
||||||
|
|
||||||
chunk_size = TEMP_FAILURE_RETRY(write(urandom_fd, buf, chunk_size));
|
|
||||||
if (chunk_size == -1) {
|
|
||||||
return ErrnoError() << "Failed to write to /dev/urandom";
|
|
||||||
}
|
|
||||||
total_bytes_written += chunk_size;
|
|
||||||
}
|
|
||||||
|
|
||||||
LOG(INFO) << "Mixed " << total_bytes_written << " bytes from /dev/hw_random into /dev/urandom";
|
|
||||||
return {};
|
|
||||||
}
|
|
||||||
|
|
||||||
static bool SetHighestAvailableOptionValue(const std::string& path, int min, int max) {
|
static bool SetHighestAvailableOptionValue(const std::string& path, int min, int max) {
|
||||||
std::ifstream inf(path, std::fstream::in);
|
std::ifstream inf(path, std::fstream::in);
|
||||||
if (!inf) {
|
if (!inf) {
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,6 @@
|
||||||
namespace android {
|
namespace android {
|
||||||
namespace init {
|
namespace init {
|
||||||
|
|
||||||
Result<void> MixHwrngIntoLinuxRngAction(const BuiltinArguments&);
|
|
||||||
Result<void> SetMmapRndBitsAction(const BuiltinArguments&);
|
Result<void> SetMmapRndBitsAction(const BuiltinArguments&);
|
||||||
Result<void> SetKptrRestrictAction(const BuiltinArguments&);
|
Result<void> SetKptrRestrictAction(const BuiltinArguments&);
|
||||||
Result<void> TestPerfEventSelinuxAction(const BuiltinArguments&);
|
Result<void> TestPerfEventSelinuxAction(const BuiltinArguments&);
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue