Mirror of https://github.com/Telecominfraproject/OpenNetworkLinux.git, synced 2025-12-25 17:27:01 +00:00
e12e40f335f5ad66913b96b194f2b1829ad9cf9e
We start using the Linux RNG from the initrd with low entropy pools, and random data quality might not be good. The kernel warns us about the problem with the following messages in dmesg(1):

[ 4.786307] random: onl-mounts: uninitialized urandom read (16 bytes read, 46 bits of entropy available)
[ 5.307536] random: onl-mounts: uninitialized urandom read (16 bytes read, 83 bits of entropy available)
[ 5.354480] random: blkid: uninitialized urandom read (6 bytes read, 89 bits of entropy available)
[ 5.366963] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.379385] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.391910] random: blkid: uninitialized urandom read (6 bytes read, 90 bits of entropy available)
[ 5.546389] random: onl-pki: uninitialized urandom read (16 bytes read, 96 bits of entropy available)
[ 8.881398] random: mktemp: uninitialized urandom read (6 bytes read, 109 bits of entropy available)
[ 9.026771] random: swiget: uninitialized urandom read (16 bytes read, 109 bits of entropy available)

Since the main rootfs isn't mounted, we can't load entropy saved from the previous runtime by systemd-random-seed (for systemd) and /etc/init.d/urandom (for sysvinit). Moreover, even if we were able to load this data, a direct write to /dev/urandom or /dev/random does not change the entropy count, according to the random(4) man page and the contents of /proc/sys/kernel/random/entropy_avail after loading data into /dev/urandom or /dev/random.

To address this, we should generate pseudo-random data suitable for use as an RNG seed based on frequently changing information in the system, and use a cryptographic-grade hash to hide this info from the RNG.

Use the MIT-licensed initrng.py Python implementation for Linux RNG early init to seed the RNG before executing onl-mounts and other stuff from early userspace in the initramfs.

Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
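The following is an added example, not the initrng.py this commit imports and not ONL code, showing the two things the commit message describes: recognising the "uninitialized urandom read" warnings in dmesg output, and deriving a seed by hashing fast-changing /proc state so the kernel pool only ever receives a digest rather than the raw system information. It assumes Linux, Python 3.7 or later, the /proc paths listed in VOLATILE_SOURCES (any that are missing are skipped), and CAP_SYS_ADMIN only if bits are actually credited through the RNDADDENTROPY ioctl; a plain write to /dev/urandom needs no privilege and, as the message notes, never raises entropy_avail.

```python
#!/usr/bin/env python3
"""Early RNG seeding helper (added example; assumes Linux, Python 3.7+)."""
import fcntl
import hashlib
import os
import re
import struct
import time

# From <linux/random.h>: RNDADDENTROPY = _IOW('R', 0x03, int[2]) = 0x40085203.
# The payload is two ints on every architecture, so the number is fixed.
RNDADDENTROPY = 0x40085203

# Files whose contents change constantly on a live system (assumed set).
# Reading them needs no privileges; absent ones are skipped.
VOLATILE_SOURCES = (
    "/proc/interrupts", "/proc/stat", "/proc/meminfo", "/proc/diskstats",
    "/proc/loadavg", "/proc/uptime", "/proc/self/stat", "/proc/net/dev",
)

# Matches the kernel warning quoted in the commit message.
WARNING_RE = re.compile(
    r"random: (?P<proc>\S+): uninitialized urandom read "
    r"\((?P<nbytes>\d+) bytes read, (?P<bits>\d+) bits of entropy available\)"
)


def parse_urandom_warnings(dmesg_text):
    """Return (process, bytes_read, entropy_bits) for each early-read warning."""
    found = []
    for line in dmesg_text.splitlines():
        m = WARNING_RE.search(line)
        if m:
            found.append((m["proc"], int(m["nbytes"]), int(m["bits"])))
    return found


def collect_samples(paths=VOLATILE_SOURCES):
    """Snapshot fast-changing kernel state plus per-run values (clock, PID)."""
    samples = [struct.pack("<qqq", time.time_ns(), time.monotonic_ns(), os.getpid())]
    for path in paths:
        try:
            with open(path, "rb") as fh:
                samples.append(path.encode() + b"\0" + fh.read())
        except OSError:
            continue
    return samples


def derive_seed(samples, salt=b""):
    """Hash the snapshots so the RNG sees a digest, never the raw state.
    Each sample is length-prefixed so sample boundaries cannot be confused."""
    h = hashlib.sha512(salt)
    for s in samples:
        h.update(struct.pack("<I", len(s)))
        h.update(s)
    return h.digest()  # 64 bytes


def pack_rand_pool_info(seed, entropy_bits):
    """Build the struct rand_pool_info that RNDADDENTROPY expects:
    int entropy_count; int buf_size (in bytes); __u32 buf[]."""
    if len(seed) % 4:
        seed += b"\0" * (4 - len(seed) % 4)
    if not 0 <= entropy_bits <= len(seed) * 8:
        raise ValueError("cannot credit more bits than the seed contains")
    return struct.pack("ii", entropy_bits, len(seed)) + seed


def unpack_rand_pool_info(payload):
    """Inverse of pack_rand_pool_info, for inspecting what would be sent."""
    entropy_bits, buf_size = struct.unpack("ii", payload[:8])
    return entropy_bits, buf_size, payload[8:8 + buf_size]


def seed_kernel_rng(seed, credit_bits=0, device="/dev/urandom"):
    """Mix `seed` into the kernel pool. credit_bits == 0 is a plain write,
    which never raises entropy_avail (random(4)); a positive value uses
    RNDADDENTROPY, which needs CAP_SYS_ADMIN and should carry only a
    conservative estimate of how unpredictable the inputs really are."""
    with open(device, "wb", buffering=0) as fh:
        if credit_bits == 0:
            fh.write(seed)
        else:
            fcntl.ioctl(fh, RNDADDENTROPY, pack_rand_pool_info(seed, credit_bits))


def entropy_avail():
    with open("/proc/sys/kernel/random/entropy_avail") as fh:
        return int(fh.read())


if __name__ == "__main__":
    before = entropy_avail()
    seed_kernel_rng(derive_seed(collect_samples()), credit_bits=0)
    print(f"entropy_avail before={before} after={entropy_avail()}")
```

The kernel's accounting trusts whatever entropy_count the caller passes, so the decision to credit is the security-relevant one: /proc counters and timestamps that an attacker on the same host could observe or reconstruct should be mixed with credit_bits=0, and a credited seed should come from something genuinely unpredictable (a hardware RNG, or a seed file saved from a previous boot once the rootfs is available).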
Open Network Linux
Check out the main/official website at http://opennetlinux.org .
Open Network Linux (ONL) is a Linux distribution for bare metal switches. ONL builds an ONIE-compatible installer and a switch image which contains a complete Debian distribution with added drivers and configuration for running on bare metal switches.
Software License
Licenses for the software are described under the LICENSE file. Download or use of the software implies consent.
Documentation
- docs/Building.md: Instructions for building ONL from scratch.
Please see the docs directory for additional information.
![Coverity Scan Build Status](https://scan.coverity.com/projects/8655/badge.svg "Coverity Scan Build Status")
Languages: C 92.6%, Python 4.5%, Makefile 2.1%, Shell 0.7%, Dockerfile 0.1%