You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
192 lines
7.8 KiB
192 lines
7.8 KiB
8 months ago
|
From 5c3c932aeef27dcc0b4cb91aeb7e52974add6998 Mon Sep 17 00:00:00 2001
|
||
|
From: Lennart Poettering <lennart@poettering.net>
|
||
|
Date: Tue, 20 Dec 2022 16:18:11 +0100
|
||
|
Subject: [PATCH] random-seed: don't refresh EFI random seed from random-seed.c
|
||
|
anymore
|
||
|
|
||
|
The ESP is simply not mounted early enough for this. We want that the
|
||
|
regular random seed handling runs as early as we possibly could, but we
|
||
|
don't want to delay this until the ESP is actually mounted.
|
||
|
|
||
|
Hence, let's remove this from random-seed.c here. A follow-up commit
|
||
|
will then add this back in, in a separate service which just calls
|
||
|
"bootctl random-seed".
|
||
|
|
||
|
Effectively reverts: f913c784ad4c93894fd6cb2590738113dff5a694
|
||
|
|
||
|
Fixes: #25769
|
||
|
(cherry picked from commit 29d487adb4ce70cc87a09ce2003d29789b2b4c3f)
|
||
|
|
||
|
Related: RHEL-16952
|
||
|
---
|
||
|
src/random-seed/random-seed.c | 111 +---------------------------------
|
||
|
1 file changed, 2 insertions(+), 109 deletions(-)
|
||
|
|
||
|
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c
|
||
|
index 3bb78200c9..79544c1027 100644
|
||
|
--- a/src/random-seed/random-seed.c
|
||
|
+++ b/src/random-seed/random-seed.c
|
||
|
@@ -16,10 +16,7 @@
|
||
|
|
||
|
#include "alloc-util.h"
|
||
|
#include "build.h"
|
||
|
-#include "chase-symlinks.h"
|
||
|
-#include "efi-loader.h"
|
||
|
#include "fd-util.h"
|
||
|
-#include "find-esp.h"
|
||
|
#include "fs-util.h"
|
||
|
#include "io-util.h"
|
||
|
#include "log.h"
|
||
|
@@ -27,17 +24,13 @@
|
||
|
#include "missing_random.h"
|
||
|
#include "missing_syscall.h"
|
||
|
#include "mkdir.h"
|
||
|
-#include "parse-argument.h"
|
||
|
#include "parse-util.h"
|
||
|
-#include "path-util.h"
|
||
|
#include "pretty-print.h"
|
||
|
#include "random-util.h"
|
||
|
#include "string-table.h"
|
||
|
#include "string-util.h"
|
||
|
-#include "strv.h"
|
||
|
#include "sync-util.h"
|
||
|
#include "sha256.h"
|
||
|
-#include "terminal-util.h"
|
||
|
#include "util.h"
|
||
|
#include "xattr-util.h"
|
||
|
|
||
|
@@ -314,100 +307,6 @@ static int save_seed_file(
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
-static int refresh_boot_seed(void) {
|
||
|
- uint8_t buffer[RANDOM_EFI_SEED_SIZE];
|
||
|
- struct sha256_ctx hash_state;
|
||
|
- _cleanup_free_ void *seed_file_bytes = NULL;
|
||
|
- _cleanup_free_ char *esp_path = NULL;
|
||
|
- _cleanup_close_ int seed_fd = -1, dir_fd = -1;
|
||
|
- size_t len;
|
||
|
- ssize_t n;
|
||
|
- int r;
|
||
|
-
|
||
|
- assert_cc(RANDOM_EFI_SEED_SIZE == SHA256_DIGEST_SIZE);
|
||
|
-
|
||
|
- r = find_esp_and_warn(NULL, NULL, /* unprivileged_mode= */ false, &esp_path,
|
||
|
- NULL, NULL, NULL, NULL, NULL);
|
||
|
- if (r < 0) {
|
||
|
- if (r == -ENOKEY) {
|
||
|
- log_debug_errno(r, "Couldn't find any ESP, so not updating ESP random seed.");
|
||
|
- return 0;
|
||
|
- }
|
||
|
- return r; /* find_esp_and_warn() already logged */
|
||
|
- }
|
||
|
-
|
||
|
- r = chase_symlinks("/loader", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, NULL, &dir_fd);
|
||
|
- if (r < 0) {
|
||
|
- if (r == -ENOENT) {
|
||
|
- log_debug_errno(r, "Couldn't find ESP loader directory, so not updating ESP random seed.");
|
||
|
- return 0;
|
||
|
- }
|
||
|
- return log_error_errno(r, "Failed to open ESP loader directory: %m");
|
||
|
- }
|
||
|
- seed_fd = openat(dir_fd, "random-seed", O_NOFOLLOW|O_RDWR|O_CLOEXEC|O_NOCTTY);
|
||
|
- if (seed_fd < 0 && errno == ENOENT) {
|
||
|
- uint64_t features;
|
||
|
- r = efi_loader_get_features(&features);
|
||
|
- if (r == 0 && FLAGS_SET(features, EFI_LOADER_FEATURE_RANDOM_SEED))
|
||
|
- seed_fd = openat(dir_fd, "random-seed", O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
|
||
|
- else {
|
||
|
- log_debug_errno(seed_fd, "Couldn't find ESP random seed, and not booted with systemd-boot, so not updating ESP random seed.");
|
||
|
- return 0;
|
||
|
- }
|
||
|
- }
|
||
|
- if (seed_fd < 0)
|
||
|
- return log_error_errno(errno, "Failed to open EFI seed path: %m");
|
||
|
- r = random_seed_size(seed_fd, &len);
|
||
|
- if (r < 0)
|
||
|
- return log_error_errno(r, "Failed to determine EFI seed path length: %m");
|
||
|
- seed_file_bytes = malloc(len);
|
||
|
- if (!seed_file_bytes)
|
||
|
- return log_oom();
|
||
|
- n = loop_read(seed_fd, seed_file_bytes, len, false);
|
||
|
- if (n < 0)
|
||
|
- return log_error_errno(n, "Failed to read EFI seed file: %m");
|
||
|
-
|
||
|
- /* Hash the old seed in so that we never regress in entropy. */
|
||
|
- sha256_init_ctx(&hash_state);
|
||
|
- sha256_process_bytes_and_size(seed_file_bytes, n, &hash_state);
|
||
|
-
|
||
|
- /* We're doing this opportunistically, so if the seeding dance before didn't manage to initialize the
|
||
|
- * RNG, there's no point in doing it here. Secondly, getrandom(GRND_NONBLOCK) has been around longer
|
||
|
- * than EFI seeding anyway, so there's no point in having non-getrandom() fallbacks here. So if this
|
||
|
- * fails, just return early to cut our losses. */
|
||
|
- n = getrandom(buffer, sizeof(buffer), GRND_NONBLOCK);
|
||
|
- if (n < 0) {
|
||
|
- if (errno == EAGAIN) {
|
||
|
- log_debug_errno(errno, "Random pool not initialized yet, so skipping EFI seed update");
|
||
|
- return 0;
|
||
|
- }
|
||
|
- if (errno == ENOSYS) {
|
||
|
- log_debug_errno(errno, "getrandom() not available, so skipping EFI seed update");
|
||
|
- return 0;
|
||
|
- }
|
||
|
- return log_error_errno(errno, "Failed to generate random bytes for EFI seed: %m");
|
||
|
- }
|
||
|
- assert(n == sizeof(buffer));
|
||
|
-
|
||
|
- /* Hash the new seed into the state containing the old one to generate our final seed. */
|
||
|
- sha256_process_bytes_and_size(buffer, n, &hash_state);
|
||
|
- sha256_finish_ctx(&hash_state, buffer);
|
||
|
-
|
||
|
- if (lseek(seed_fd, 0, SEEK_SET) < 0)
|
||
|
- return log_error_errno(errno, "Failed to seek to beginning of EFI seed file: %m");
|
||
|
- r = loop_write(seed_fd, buffer, sizeof(buffer), false);
|
||
|
- if (r < 0)
|
||
|
- return log_error_errno(r, "Failed to write new EFI seed file: %m");
|
||
|
- if (ftruncate(seed_fd, sizeof(buffer)) < 0)
|
||
|
- return log_error_errno(errno, "Failed to truncate EFI seed file: %m");
|
||
|
- r = fsync_full(seed_fd);
|
||
|
- if (r < 0)
|
||
|
- return log_error_errno(r, "Failed to fsync EFI seed file: %m");
|
||
|
-
|
||
|
- log_debug("Updated random seed in ESP");
|
||
|
- return 0;
|
||
|
-}
|
||
|
-
|
||
|
static int help(int argc, char *argv[], void *userdata) {
|
||
|
_cleanup_free_ char *link = NULL;
|
||
|
int r;
|
||
|
@@ -525,10 +424,7 @@ static int run(int argc, char *argv[]) {
|
||
|
|
||
|
log_full_errno(level, open_rw_error, "Failed to open " RANDOM_SEED " for writing: %m");
|
||
|
log_full_errno(level, errno, "Failed to open " RANDOM_SEED " for reading: %m");
|
||
|
- r = -errno;
|
||
|
-
|
||
|
- (void) refresh_boot_seed();
|
||
|
- return missing ? 0 : r;
|
||
|
+ return missing ? 0 : -errno;
|
||
|
}
|
||
|
} else
|
||
|
write_seed_file = true;
|
||
|
@@ -538,7 +434,6 @@ static int run(int argc, char *argv[]) {
|
||
|
break;
|
||
|
|
||
|
case ACTION_SAVE:
|
||
|
- (void) refresh_boot_seed();
|
||
|
seed_fd = open(RANDOM_SEED, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600);
|
||
|
if (seed_fd < 0)
|
||
|
return log_error_errno(errno, "Failed to open " RANDOM_SEED ": %m");
|
||
|
@@ -556,11 +451,9 @@ static int run(int argc, char *argv[]) {
|
||
|
if (r < 0)
|
||
|
return r;
|
||
|
|
||
|
- if (read_seed_file) {
|
||
|
+ if (read_seed_file)
|
||
|
r = load_seed_file(seed_fd, random_fd, seed_size,
|
||
|
write_seed_file ? &hash_state : NULL);
|
||
|
- (void) refresh_boot_seed();
|
||
|
- }
|
||
|
|
||
|
if (r >= 0 && write_seed_file)
|
||
|
r = save_seed_file(seed_fd, random_fd, seed_size, synchronous, hash_state);
|