We start using Linux RNG from initrd with low entropy pools and random
data quality might not be good. Kernel warns us about the problem with
following messages in dmesg(1):
[ 4.786307] random: onl-mounts: uninitialized urandom read (16 bytes read, 46 bits of entropy available)
[ 5.307536] random: onl-mounts: uninitialized urandom read (16 bytes read, 83 bits of entropy available)
[ 5.354480] random: blkid: uninitialized urandom read (6 bytes read, 89 bits of entropy available)
[ 5.366963] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.379385] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.391910] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.546389] random: onl-pki: uninitialized urandom read (16 bytes read, 96 bits of entropy available)
[ 8.881398] random: mktemp: uninitialized urandom read (6 bytes read, 109 bits of entropy available)
[ 9.026771] random: swiget: uninitialized urandom read (16 bytes read, 109 bits of entropy available)
Since main rootfs isn't mounted we can't load entropy saved from
previous runtime by systemd-random-seed (for systemd) and
/etc/init.d/urandom (for sysvinit).
Moreover even if we able to load this data, direct write to /dev/urandom
or /dev/random does not change entropy count according to random(4) man
page and /proc/sys/kernel/random/entropy_avail contents after loading
data to /dev/urandom or /dev/random.
To address this we should generate pseudo random data suitable for use
as RNG seed based on frequently changed information in system and use
some cryptographic grade hash to hide this info from RNG.
Use MIT licensed initrng.py Python implementation for Linux RNG early
init to seed RNG before executing onl-mounts and other stuff from early
userspace in initramfs.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
This variable is only required and used for dynamic network configs:
validating and configuring it for rest of the paths isn't necessary.
While there split warning message to two lines to make code and
runtime output more readable.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
There are three types of value accepted by NETAUTO:
1) "dhcp" for automatic network settings via DHCP
2) "up" to bring link up, wait for IPv6 tentative and link up
operstate
3) anything else: apply static configuration, wait for IPv6
tentative and link up operstate
Note that empty ("") value is subset of 3) and we only skip link up
operstate monitoring for it since commit 3e89468cd0
("Don't require link-up on ma1 if NETAUTO is not specified.").
Add fourth case with NETAUTO=none to skip all but NETHW (hardware
address) from boot-config file and support different management
adapter config methods (e.g. Debian network config system).
This also fixes incorrect "return" statement usage outside of function
introduced with commit 3e89468cd0
("Don't require link-up on ma1 if NETAUTO is not specified.") and adds
newline before wait_link_up() to make code more readable.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
When $NETAUTO=dhcp the transaction will now timeout after $NETRETRIES attempts.
If the system has a local install or SWI then booting can continue.
For systems which require DHCP to be functional before booting can continue
(for example SWIs downloaded via URL rather than locally) then NETRETRIES=infinite should be set in the boot-config.
NETRETRIES can be set to any number of attempts, or infinite. The default value is 5 attempts.
- Wait for ma1 linkup in the loader
A short wait has been introduced to allow ma1 to linkup prior to continuing.
- swi file timestamp is unreliable if clock is not set correctly
- extract build timestamp from manifest if available
- extract timestamp-ish string from 'version' file or from swi filename
