1. 06 Sep, 2017 1 commit
      Mix in fresh randomness when writing out /boot/random.seed. · f864c59d
      Jonas Termansen authored
      When entropy gathering is implemented, in the case of the installer and
      upgrader, the system probably won't have any entropy when it begins. By the
      time the system is installed, there will probably be a bit of entropy from
      the user using the system and general system usage, so mix in some of that.
      In the case of init, after an installed system has run for a while, a lot of
      entropy will have gotten collected, but init will have its arc4random seeded
      with initial boot entry, so mix in some fresh entropy, so the random seed
      written on shutdown remains as entropic as possible.
  2. 12 Apr, 2017 1 commit
  3. 03 Oct, 2016 2 commits
      Seed kernel entropy with randomness from the previous boot. · 84c0844f
      Jonas Termansen authored
      The bootloader will now load the /boot/random.seed file if it exists, in
      which case the kernel will use it as the initial kernel entropy. The kernel
      warns if no random seed was loaded, unless the --no-random-seed option was
      given. This option is used for live environments that inherently have no
      prior secret state. The kernel initializes its entropy pool from the random
      seed as one of the first things, so randomness is available very early on.
      
      init(8) will emit a fresh /boot/random.seed file on boot to avoid the same
      entropy being used twice. init(8) also writes out /boot/random.seed on
      system shutdown where the system has the most entropy. init(8) will warn if
      writing the file fails, except if /boot is a read-only filesystem, and
      keeping such state is impossible. The system administrator is then
      responsible for ensuring the bootloader somehow passes a fresh random seed
      on the next boot.
      
      /boot/random.seed must be owned by the root user and root group and must
      have file permissions 600 so that unprivileged users cannot read it. The file
      is passed to the kernel by the bootloader as a multiboot module with the
      command line --random-seed.
      
      If no random seed is loaded, the kernel attempts a poor quality fallback
      where it seeds the kernel arc4random(3) continuously with the current time.
      The timing variance may provide some effective entropy. There is no real
      kernel entropy gathering yet. The read of the CMOS real time clock is moved
      to an early point in the kernel boot, so the current time is available as
      fallback entropy.
      
      The kernel access of the random seed module is supposed to be infallible
      and happens before the kernel log is set up, but there is not yet a failsafe
      API for mapping single pages in the early kernel.
      
      sysupgrade(8) creates /boot/random.seed if it's absent as a temporary
      compatibility measure for people upgrading from the 1.0 release. The GRUB
      port will need to be upgraded with support for /boot/random.seed in the
      10_sortix script. Installation with manual bootloader configuration will
      need to load the random seed with the --random-seed command line. With GRUB,
      this can be done with:

          module /boot/random.seed --random-seed
  4. 05 Mar, 2016 1 commit
      Relicense Sortix to the ISC license. · 2b72262b
      Jonas Termansen authored
      I hereby relicense all my work on Sortix under the ISC license as below.
      
      All Sortix contributions by other people are already under this license,
      are not substantial enough to be copyrightable, or have been removed.
      
      All imported code from other projects is compatible with this license.
      
      All GPL licensed code from other projects had previously been removed.
      
      Copyright 2011-2016 Jonas 'Sortie' Termansen and contributors.
      
      Permission to use, copy, modify, and distribute this software for any
      purpose with or without fee is hereby granted, provided that the above
      copyright notice and this permission notice appear in all copies.
      
      THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
      MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
      ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
      WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
      ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
      OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  5. 21 Feb, 2016 1 commit