• Jonas Termansen's avatar
    Seed kernel entropy with randomness from the previous boot. · 84c0844f
    Jonas Termansen authored
    The bootloader will now load the /boot/random.seed file if it exists, in
    which case the kernel will use it as the initial kernel entropy. The kernel
    warns if no random seed was loaded, unless the --no-random-seed option was
    given. This option is used for live environments that inherently have no
    prior secret state. The kernel initializes its entropy pool from the random
    seed as of the first things, so randomness is available very early on.
    
    init(8) will emit a fresh /boot/random.seed file on boot to avoid the same
    entropy being used twice. init(8) also writes out /boot/random.seed on
    system shutdown where the system has the most entropy. init(8) will warn if
    writing the file fails, except if /boot is a real-only filesystem, and
    keeping such state is impossible. The system administrator is then
    responsible for ensuring the bootloader somehow passes a fresh random seed
    on the next boot.
    
    /boot/random.seed must be owned by the root user and root group and must
    have file permissions 600 to avoid unprivileged users can read it. The file
    is passed to the kernel by the bootloader as a multiboot module with the
    command line --random-seed.
    
    If no random seed is loaded, the kernel attempts a poor quality fallback
    where it seeds the kernel arc4random(3) continuously with the current time.
    The timing variance may provide some effective entropy. There is no real
    kernel entropy gathering yet. The read of the CMOS real time clock is moved
    to an early point in the kernel boot, so the current time is available as
    fallback entropy.
    
    The kernel access of the random seed module is supposed to be infallible
    and happens before the kernel log is set up, but there is not yet a failsafe
    API for mapping single pages in the early kernel.
    
    sysupgrade(8) creates /boot/random.seed if it's absent as a temporary
    compatibility measure for people upgrading from the 1.0 release. The GRUB
    port will need to be upgraded with support for /boot/random.seed in the
    10_sortix script. Installation with manual bootloader configuration will
    need to load the random seed with the --random-seed command line. With GRUB,
    this can be done with: module /boot/random.seed --random-seed
    84c0844f
random.cpp 5.19 KB