We start using the Linux RNG from the initrd with low entropy pools, and the
random data quality might not be good. The kernel warns us about the problem
with the following messages in dmesg(1):
[ 4.786307] random: onl-mounts: uninitialized urandom read (16 bytes read, 46 bits of entropy available)
[ 5.307536] random: onl-mounts: uninitialized urandom read (16 bytes read, 83 bits of entropy available)
[ 5.354480] random: blkid: uninitialized urandom read (6 bytes read, 89 bits of entropy available)
[ 5.366963] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.379385] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.391910] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.546389] random: onl-pki: uninitialized urandom read (16 bytes read, 96 bits of entropy available)
[ 8.881398] random: mktemp: uninitialized urandom read (6 bytes read, 109 bits of entropy available)
[ 9.026771] random: swiget: uninitialized urandom read (16 bytes read, 109 bits of entropy available)
Since the main rootfs isn't mounted, we can't load the entropy saved from the
previous runtime by systemd-random-seed (for systemd) or
/etc/init.d/urandom (for sysvinit).
Moreover, even if we are able to load this data, a direct write to /dev/urandom
or /dev/random does not change the entropy count, according to the random(4)
man page and the contents of /proc/sys/kernel/random/entropy_avail after
loading data into /dev/urandom or /dev/random.
To address this, we should generate pseudo-random data suitable for use
as an RNG seed, based on frequently changing information in the system, and
use a cryptographic-grade hash to hide this info from the RNG.
Use the MIT-licensed initrng.py Python implementation of Linux RNG early
init to seed the RNG before executing onl-mounts and other stuff from early
userspace in the initramfs.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
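An added example illustrating the seeding approach the commit above describes; it is not the project's initrng.py and makes its own choices. It hashes a set of frequently changing /proc files (the source list is an assumption) together with a timing sample using SHA-512, packs the digest as struct rand_pool_info, and submits it through the RNDADDENTROPY ioctl, which, unlike a plain write to /dev/urandom, is the interface that can move the credited entropy count. The credit_bits argument is left to the caller because the kernel trusts whatever value is passed; crediting 0 still mixes the seed in without touching entropy_avail.

```python
# Added example (not the initrng.py shipped by the commit): derive an early-boot
# RNG seed from frequently changing kernel state, whiten it with SHA-512, and
# hand it to the kernel through RNDADDENTROPY so the credited entropy count can
# actually move (a plain write to /dev/urandom mixes data but credits nothing,
# as random(4) states).
import fcntl
import hashlib
import os
import struct
import time

# From <linux/random.h>: _IOW('R', 0x03, int[2]) on the usual architectures.
RNDADDENTROPY = 0x40085203

# Assumed source list; any readable file whose contents change often will do.
SEED_SOURCES = (
    "/proc/interrupts",
    "/proc/stat",
    "/proc/diskstats",
    "/proc/meminfo",
    "/proc/uptime",
    "/proc/sys/kernel/random/boot_id",
)


def collect_samples(paths=SEED_SOURCES):
    """Read every source that exists plus a timing sample; returns a list of bytes."""
    samples = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                samples.append(fh.read())
        except OSError:
            continue  # a missing source simply contributes nothing
    # Monotonic and wall clock in ns plus the pid: cheap, always available jitter.
    samples.append(struct.pack("<QQi", time.monotonic_ns(), time.time_ns(), os.getpid()))
    return samples


def derive_seed(samples, out_len=64):
    """Hash length-prefixed samples so different splits of the same bytes differ."""
    if out_len < 1 or out_len > 64:
        raise ValueError("out_len must be 1..64 bytes for a single SHA-512 digest")
    h = hashlib.sha512()
    for s in samples:
        h.update(struct.pack("<Q", len(s)))  # length prefix: [b"a", b"b"] != [b"ab"]
        h.update(s)
    return h.digest()[:out_len]


def build_rand_pool_info(seed, credit_bits):
    """Pack struct rand_pool_info { int entropy_count; int buf_size; __u32 buf[]; }."""
    if credit_bits < 0 or credit_bits > len(seed) * 8:
        raise ValueError("cannot credit more bits than the seed carries")
    padded = seed + b"\x00" * (-len(seed) % 4)  # buf[] is __u32 words
    return struct.pack("ii", credit_bits, len(padded)) + padded


def parse_rand_pool_info(packet):
    """Inverse of build_rand_pool_info; useful when auditing what a seeder submits."""
    credit_bits, buf_size = struct.unpack("ii", packet[:8])
    return credit_bits, buf_size, packet[8:8 + buf_size]


def seed_kernel(credit_bits=0, device="/dev/urandom"):
    """Mix a fresh seed into the kernel pool (needs CAP_SYS_ADMIN). Returns seed length."""
    seed = derive_seed(collect_samples())
    packet = build_rand_pool_info(seed, credit_bits)
    fd = os.open(device, os.O_WRONLY)
    try:
        fcntl.ioctl(fd, RNDADDENTROPY, packet)
    finally:
        os.close(fd)
    return len(seed)


if __name__ == "__main__":
    # Dry run for the reader: show the seed that would be submitted, do not submit it.
    print(derive_seed(collect_samples()).hex())
```

seed_kernel() needs CAP_SYS_ADMIN on a Linux host; the other functions are pure and can be exercised anywhere. For the warnings in the dmesg output above to stop, the credited bits must reach the kernel's initialization threshold, but crediting bits the sources do not really carry only silences the warning without improving the output, so a conservative credit here and a proper reseed from the saved random-seed file once the rootfs is mounted is the sensible split.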
1. Old method: open the UART and close the UART whenever we need to get information from the BMC.
   New method: open the UART at the beginning, then use the UART (TTY) device directly.
2. Old method: use onlp_i2c_readw() to get all QSFP/SFP eeprom data; it spends 128 times the i2c access time.
   New method: use OOM's sysfs.
   We also correct the port mapping.
3. Reduce the UART (TTY) retry time and timeout time.
4. Add the PSU's serial number information.
1. Old method: open the UART and close the UART whenever we need to get information from the BMC.
   New method: open the UART at the beginning, then use the UART (TTY) device directly.
2. Old method: use onlp_i2c_readw() to get all QSFP/SFP eeprom data; it spends 128 times the i2c access time.
   New method: use OOM's sysfs.
3. Reduce the UART (TTY) retry time and timeout time.
4. Add the PSU's serial number information.
This variable is only required and used for dynamic network configs:
validating and configuring it for the rest of the paths isn't necessary.
While there, split the warning message into two lines to make the code and
runtime output more readable.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
There are three types of values accepted by NETAUTO:
1) "dhcp" for automatic network settings via DHCP
2) "up" to bring the link up, wait for IPv6 tentative and link up
operstate
3) anything else: apply the static configuration, wait for IPv6
tentative and link up operstate
Note that the empty ("") value is a subset of 3), and we only skip link up
operstate monitoring for it since commit 3e89468cd0
("Don't require link-up on ma1 if NETAUTO is not specified.").
Add a fourth case with NETAUTO=none to skip all but NETHW (hardware
address) from the boot-config file and support different management
adapter config methods (e.g. the Debian network config system).
This also fixes the incorrect "return" statement usage outside of a function
introduced with commit 3e89468cd0
("Don't require link-up on ma1 if NETAUTO is not specified.") and adds a
newline before wait_link_up() to make the code more readable.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
Since an empty NETAUTO= in /mnt/onl/boot/boot-config is valid according to
the rules in the initramfs /boot/ifup, follow this behavior in onl-boot-config
to get rid of the incorrect message:
root@localhost:/# onl-boot-config --show
NETDEV=ma1
BOOTMODE=INSTALLED
SWI=images::latest
NETAUTO=
The NETAUTO value '' is invalid.
The boot configuration has not been changed.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
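The NETAUTO dispatch described in the two commits above (the four accepted kinds of value, the empty value treated as static configuration without the operstate wait, and the "return" that is only legal inside a function), written out as an added dry-run example; it is not the project's /boot/ifup or onl-boot-config code. The step names it prints and the NETHW handling in every mode are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not the project's /boot/ifup: model the NETAUTO dispatch as a
# "plan" printed one step per line, so the branch taken for each value can be
# checked without touching a real interface.

# Print the steps ifup would take for the given NETAUTO ($1) and NETHW ($2).
# The logic lives in a function so that "return" is legal: a bare "return" at
# the top level of a non-sourced sh script is an error (the bug fixed above).
netauto_plan() {
    netauto=$1
    nethw=$2
    # The hardware address (NETHW) is applied in every mode, including none.
    [ -n "$nethw" ] && echo "set-hwaddr $nethw"
    case "$netauto" in
        none)
            # Leave everything else to an external config system (e.g. Debian's).
            return 0 ;;
        dhcp)
            echo "dhcp"
            return 0 ;;
        up)
            echo "link-up" ;;
        "")
            # Empty value: valid, takes the static path, but the link-up
            # operstate wait is skipped (commit 3e89468cd0 behaviour).
            echo "static"
            echo "wait-ipv6-tentative"
            return 0 ;;
        *)
            echo "static" ;;
    esac
    echo "wait-ipv6-tentative"
    echo "wait-operstate-up"
    return 0
}
```

A typical call after sourcing the boot-config file is netauto_plan "${NETAUTO-}" "${NETHW-}"; the "${NETAUTO-}" form keeps an unset variable equal to the empty string, so the accepted empty case and the unset case behave the same, which is what the onl-boot-config fix above relies on.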