]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
6e200d55 | 2 | |
6e200d55 | 3 | #include <errno.h> |
07630cea | 4 | #include <fcntl.h> |
0d0c6639 | 5 | #include <getopt.h> |
26ded557 | 6 | #include <linux/random.h> |
26ded557 LP |
7 | #include <sys/ioctl.h> |
8 | #if USE_SYS_RANDOM_H | |
9 | # include <sys/random.h> | |
10 | #endif | |
6e200d55 | 11 | #include <sys/stat.h> |
26ded557 | 12 | #include <sys/xattr.h> |
07630cea | 13 | #include <unistd.h> |
6e200d55 | 14 | |
8ba12aef LP |
15 | #include "sd-id128.h" |
16 | ||
b5efdb8a | 17 | #include "alloc-util.h" |
d6b4d1c7 | 18 | #include "build.h" |
f913c784 JD |
19 | #include "chase-symlinks.h" |
20 | #include "efi-loader.h" | |
3ffd4af2 | 21 | #include "fd-util.h" |
f913c784 | 22 | #include "find-esp.h" |
4b3b5bc7 | 23 | #include "fs-util.h" |
c004493c | 24 | #include "io-util.h" |
6e200d55 | 25 | #include "log.h" |
5e332028 | 26 | #include "main-func.h" |
123aeae2 | 27 | #include "missing_random.h" |
f5947a5e | 28 | #include "missing_syscall.h" |
49e942b2 | 29 | #include "mkdir.h" |
0d0c6639 | 30 | #include "parse-argument.h" |
26ded557 | 31 | #include "parse-util.h" |
f913c784 | 32 | #include "path-util.h" |
0d0c6639 | 33 | #include "pretty-print.h" |
3e155eba | 34 | #include "random-util.h" |
0d0c6639 | 35 | #include "string-table.h" |
07630cea | 36 | #include "string-util.h" |
0d0c6639 | 37 | #include "strv.h" |
bf819d3a | 38 | #include "sync-util.h" |
da2862ef | 39 | #include "sha256.h" |
0d0c6639 | 40 | #include "terminal-util.h" |
26ded557 LP |
41 | #include "xattr-util.h" |
42 | ||
0d0c6639 FB |
43 | typedef enum SeedAction { |
44 | ACTION_LOAD, | |
45 | ACTION_SAVE, | |
46 | _ACTION_MAX, | |
47 | _ACTION_INVALID = -EINVAL, | |
48 | } SeedAction; | |
49 | ||
26ded557 LP |
50 | typedef enum CreditEntropy { |
51 | CREDIT_ENTROPY_NO_WAY, | |
52 | CREDIT_ENTROPY_YES_PLEASE, | |
53 | CREDIT_ENTROPY_YES_FORCED, | |
54 | } CreditEntropy; | |
55 | ||
0d0c6639 FB |
56 | static SeedAction arg_action = _ACTION_INVALID; |
57 | ||
26ded557 LP |
58 | static CreditEntropy may_credit(int seed_fd) { |
59 | _cleanup_free_ char *creditable = NULL; | |
60 | const char *e; | |
61 | int r; | |
62 | ||
63 | assert(seed_fd >= 0); | |
64 | ||
65 | e = getenv("SYSTEMD_RANDOM_SEED_CREDIT"); | |
66 | if (!e) { | |
67 | log_debug("$SYSTEMD_RANDOM_SEED_CREDIT is not set, not crediting entropy."); | |
68 | return CREDIT_ENTROPY_NO_WAY; | |
69 | } | |
70 | if (streq(e, "force")) { | |
71 | log_debug("$SYSTEMD_RANDOM_SEED_CREDIT is set to 'force', crediting entropy."); | |
72 | return CREDIT_ENTROPY_YES_FORCED; | |
73 | } | |
74 | ||
75 | r = parse_boolean(e); | |
76 | if (r <= 0) { | |
77 | if (r < 0) | |
78 | log_warning_errno(r, "Failed to parse $SYSTEMD_RANDOM_SEED_CREDIT, not crediting entropy: %m"); | |
79 | else | |
80 | log_debug("Crediting entropy is turned off via $SYSTEMD_RANDOM_SEED_CREDIT, not crediting entropy."); | |
81 | ||
82 | return CREDIT_ENTROPY_NO_WAY; | |
83 | } | |
84 | ||
85 | /* Determine if the file is marked as creditable */ | |
86 | r = fgetxattr_malloc(seed_fd, "user.random-seed-creditable", &creditable); | |
87 | if (r < 0) { | |
00675c36 | 88 | if (ERRNO_IS_XATTR_ABSENT(r)) |
26ded557 LP |
89 | log_debug_errno(r, "Seed file is not marked as creditable, not crediting."); |
90 | else | |
91 | log_warning_errno(r, "Failed to read extended attribute, ignoring: %m"); | |
92 | ||
93 | return CREDIT_ENTROPY_NO_WAY; | |
94 | } | |
95 | ||
96 | r = parse_boolean(creditable); | |
97 | if (r <= 0) { | |
98 | if (r < 0) | |
99 | log_warning_errno(r, "Failed to parse user.random-seed-creditable extended attribute, ignoring: %s", creditable); | |
100 | else | |
101 | log_debug("Seed file is marked as not creditable, not crediting."); | |
102 | ||
103 | return CREDIT_ENTROPY_NO_WAY; | |
104 | } | |
105 | ||
106 | /* Don't credit the random seed if we are in first-boot mode, because we are supposed to start from | |
107 | * scratch. This is a safety precaution for cases where we people ship "golden" images with empty | |
108 | * /etc but populated /var that contains a random seed. */ | |
249d31b0 FB |
109 | r = RET_NERRNO(access("/run/systemd/first-boot", F_OK)); |
110 | if (r == -ENOENT) | |
111 | /* All is good, we are not in first-boot mode. */ | |
112 | return CREDIT_ENTROPY_YES_PLEASE; | |
113 | if (r < 0) { | |
114 | log_warning_errno(r, "Failed to check whether we are in first-boot mode, not crediting entropy: %m"); | |
26ded557 LP |
115 | return CREDIT_ENTROPY_NO_WAY; |
116 | } | |
117 | ||
249d31b0 FB |
118 | log_debug("Not crediting entropy, since booted in first-boot mode."); |
119 | return CREDIT_ENTROPY_NO_WAY; | |
26ded557 | 120 | } |
6e200d55 | 121 | |
205138d8 FB |
122 | static int random_seed_size(int seed_fd, size_t *ret_size) { |
123 | struct stat st; | |
124 | ||
125 | assert(ret_size); | |
126 | assert(seed_fd >= 0); | |
127 | ||
128 | if (fstat(seed_fd, &st) < 0) | |
129 | return log_error_errno(errno, "Failed to stat() seed file " RANDOM_SEED ": %m"); | |
130 | ||
131 | /* If the seed file is larger than what the kernel expects, then honour the existing size and | |
132 | * save/restore as much as it says */ | |
133 | ||
134 | *ret_size = CLAMP((uint64_t)st.st_size, random_pool_size(), RANDOM_POOL_SIZE_MAX); | |
135 | return 0; | |
136 | } | |
137 | ||
a2f0dbb8 FB |
138 | static void load_machine_id(int urandom_fd) { |
139 | sd_id128_t mid; | |
140 | int r; | |
141 | ||
142 | assert(urandom_fd >= 0); | |
143 | ||
144 | /* As an extra protection against "golden images" that are put together sloppily, i.e. images which | |
145 | * are duplicated on multiple systems but where the random seed file is not properly | |
146 | * reset. Frequently the machine ID is properly reset on those systems however (simply because it's | |
147 | * easier to notice, if it isn't due to address clashes and so on, while random seed equivalence is | |
148 | * generally not noticed easily), hence let's simply write the machined ID into the random pool | |
149 | * too. */ | |
150 | r = sd_id128_get_machine(&mid); | |
151 | if (r < 0) | |
152 | return (void) log_debug_errno(r, "Failed to get machine ID, ignoring: %m"); | |
153 | ||
154 | r = random_write_entropy(urandom_fd, &mid, sizeof(mid), /* credit= */ false); | |
155 | if (r < 0) | |
156 | log_debug_errno(r, "Failed to write machine ID to /dev/urandom, ignoring: %m"); | |
157 | } | |
158 | ||
d3fa881a FB |
159 | static int load_seed_file( |
160 | int seed_fd, | |
161 | int urandom_fd, | |
162 | size_t seed_size, | |
163 | struct sha256_ctx **ret_hash_state) { | |
164 | ||
165 | _cleanup_free_ void *buf = NULL; | |
166 | CreditEntropy lets_credit; | |
d3fa881a FB |
167 | ssize_t k; |
168 | int r; | |
169 | ||
170 | assert(seed_fd >= 0); | |
171 | assert(urandom_fd >= 0); | |
172 | ||
d3fa881a FB |
173 | buf = malloc(seed_size); |
174 | if (!buf) | |
175 | return log_oom(); | |
176 | ||
177 | k = loop_read(seed_fd, buf, seed_size, false); | |
178 | if (k < 0) { | |
ea37e1ed | 179 | log_warning_errno(k, "Failed to read seed from " RANDOM_SEED ": %m"); |
d3fa881a FB |
180 | return 0; |
181 | } | |
182 | if (k == 0) { | |
183 | log_debug("Seed file " RANDOM_SEED " not yet initialized, proceeding."); | |
184 | return 0; | |
185 | } | |
186 | ||
187 | /* If we're going to later write out a seed file, initialize a hash state with the contents of the | |
188 | * seed file we just read, so that the new one can't regress in entropy. */ | |
189 | if (ret_hash_state) { | |
190 | struct sha256_ctx *hash_state; | |
191 | ||
f913c784 | 192 | hash_state = new(struct sha256_ctx, 1); |
d3fa881a FB |
193 | if (!hash_state) |
194 | return log_oom(); | |
195 | ||
196 | sha256_init_ctx(hash_state); | |
197 | sha256_process_bytes(&k, sizeof(k), hash_state); /* Hash length to distinguish from new seed. */ | |
198 | sha256_process_bytes(buf, k, hash_state); | |
199 | ||
200 | *ret_hash_state = hash_state; | |
201 | } | |
202 | ||
203 | (void) lseek(seed_fd, 0, SEEK_SET); | |
204 | ||
205 | lets_credit = may_credit(seed_fd); | |
206 | ||
207 | /* Before we credit or use the entropy, let's make sure to securely drop the creditable xattr from | |
208 | * the file, so that we never credit the same random seed again. Note that further down we'll write a | |
209 | * new seed again, and likely mark it as credible again, hence this is just paranoia to close the | |
210 | * short time window between the time we upload the random seed into the kernel and download the new | |
211 | * one from it. */ | |
212 | ||
213 | if (fremovexattr(seed_fd, "user.random-seed-creditable") < 0) { | |
214 | if (!ERRNO_IS_XATTR_ABSENT(errno)) | |
215 | log_warning_errno(errno, "Failed to remove extended attribute, ignoring: %m"); | |
216 | ||
217 | /* Otherwise, there was no creditable flag set, which is OK. */ | |
218 | } else { | |
219 | r = fsync_full(seed_fd); | |
220 | if (r < 0) { | |
221 | log_warning_errno(r, "Failed to synchronize seed to disk, not crediting entropy: %m"); | |
222 | ||
223 | if (lets_credit == CREDIT_ENTROPY_YES_PLEASE) | |
224 | lets_credit = CREDIT_ENTROPY_NO_WAY; | |
225 | } | |
226 | } | |
227 | ||
228 | r = random_write_entropy(urandom_fd, buf, k, | |
229 | IN_SET(lets_credit, CREDIT_ENTROPY_YES_PLEASE, CREDIT_ENTROPY_YES_FORCED)); | |
230 | if (r < 0) | |
ea37e1ed | 231 | log_warning_errno(r, "Failed to write seed to /dev/urandom: %m"); |
d3fa881a FB |
232 | |
233 | return 0; | |
234 | } | |
235 | ||
236 | static int save_seed_file( | |
237 | int seed_fd, | |
238 | int urandom_fd, | |
239 | size_t seed_size, | |
240 | bool synchronous, | |
241 | struct sha256_ctx *hash_state) { | |
242 | ||
243 | _cleanup_free_ void *buf = NULL; | |
244 | bool getrandom_worked = false; | |
245 | ssize_t k, l; | |
246 | int r; | |
247 | ||
248 | assert(seed_fd >= 0); | |
249 | assert(urandom_fd >= 0); | |
250 | ||
251 | /* This is just a safety measure. Given that we are root and most likely created the file ourselves | |
252 | * the mode and owner should be correct anyway. */ | |
253 | r = fchmod_and_chown(seed_fd, 0600, 0, 0); | |
254 | if (r < 0) | |
255 | return log_error_errno(r, "Failed to adjust seed file ownership and access mode: %m"); | |
256 | ||
257 | buf = malloc(seed_size); | |
258 | if (!buf) | |
259 | return log_oom(); | |
260 | ||
d3fa881a FB |
261 | k = getrandom(buf, seed_size, GRND_NONBLOCK); |
262 | if (k < 0 && errno == EAGAIN && synchronous) { | |
46e0b5dc FB |
263 | /* If we're asked to make ourselves a barrier for proper initialization of the random pool |
264 | * make this whole job synchronous by asking getrandom() to wait until the requested number | |
265 | * of random bytes is available. */ | |
d3fa881a | 266 | log_notice("Kernel entropy pool is not initialized yet, waiting until it is."); |
46e0b5dc | 267 | k = getrandom(buf, seed_size, 0); |
d3fa881a FB |
268 | } |
269 | if (k < 0) | |
270 | log_debug_errno(errno, "Failed to read random data with getrandom(), falling back to /dev/urandom: %m"); | |
271 | else if ((size_t) k < seed_size) | |
272 | log_debug("Short read from getrandom(), falling back to /dev/urandom."); | |
273 | else | |
274 | getrandom_worked = true; | |
275 | ||
276 | if (!getrandom_worked) { | |
277 | /* Retry with classic /dev/urandom */ | |
278 | k = loop_read(urandom_fd, buf, seed_size, false); | |
279 | if (k < 0) | |
280 | return log_error_errno(k, "Failed to read new seed from /dev/urandom: %m"); | |
281 | if (k == 0) | |
282 | return log_error_errno(SYNTHETIC_ERRNO(EIO), "Got EOF while reading from /dev/urandom."); | |
283 | } | |
284 | ||
285 | /* If we previously read in a seed file, then hash the new seed into the old one, and replace the | |
286 | * last 32 bytes of the seed with the hash output, so that the new seed file can't regress in | |
287 | * entropy. */ | |
288 | if (hash_state) { | |
289 | uint8_t hash[SHA256_DIGEST_SIZE]; | |
290 | ||
291 | sha256_process_bytes(&k, sizeof(k), hash_state); /* Hash length to distinguish from old seed. */ | |
292 | sha256_process_bytes(buf, k, hash_state); | |
293 | sha256_finish_ctx(hash_state, hash); | |
294 | l = MIN((size_t)k, sizeof(hash)); | |
295 | memcpy((uint8_t *)buf + k - l, hash, l); | |
296 | } | |
297 | ||
298 | r = loop_write(seed_fd, buf, (size_t) k, false); | |
299 | if (r < 0) | |
300 | return log_error_errno(r, "Failed to write new random seed file: %m"); | |
301 | ||
302 | if (ftruncate(seed_fd, k) < 0) | |
303 | return log_error_errno(r, "Failed to truncate random seed file: %m"); | |
304 | ||
305 | r = fsync_full(seed_fd); | |
306 | if (r < 0) | |
307 | return log_error_errno(r, "Failed to synchronize seed file: %m"); | |
308 | ||
309 | /* If we got this random seed data from getrandom() the data is suitable for crediting entropy later | |
310 | * on. Let's keep that in mind by setting an extended attribute. on the file */ | |
311 | if (getrandom_worked) | |
312 | if (fsetxattr(seed_fd, "user.random-seed-creditable", "1", 1, 0) < 0) | |
313 | log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, errno, | |
314 | "Failed to mark seed file as creditable, ignoring: %m"); | |
315 | return 0; | |
316 | } | |
317 | ||
f913c784 JD |
318 | static int refresh_boot_seed(void) { |
319 | uint8_t buffer[RANDOM_EFI_SEED_SIZE]; | |
320 | struct sha256_ctx hash_state; | |
321 | _cleanup_free_ void *seed_file_bytes = NULL; | |
322 | _cleanup_free_ char *esp_path = NULL; | |
3daeef08 | 323 | _cleanup_close_ int seed_fd = -1, dir_fd = -1; |
f913c784 | 324 | size_t len; |
3daeef08 JD |
325 | ssize_t n; |
326 | int r; | |
f913c784 JD |
327 | |
328 | assert_cc(RANDOM_EFI_SEED_SIZE == SHA256_DIGEST_SIZE); | |
329 | ||
330 | r = find_esp_and_warn(NULL, NULL, /* unprivileged_mode= */ false, &esp_path, | |
331 | NULL, NULL, NULL, NULL, NULL); | |
332 | if (r < 0) { | |
333 | if (r == -ENOKEY) { | |
334 | log_debug_errno(r, "Couldn't find any ESP, so not updating ESP random seed."); | |
335 | return 0; | |
336 | } | |
337 | return r; /* find_esp_and_warn() already logged */ | |
338 | } | |
339 | ||
3daeef08 JD |
340 | r = chase_symlinks("/loader", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, NULL, &dir_fd); |
341 | if (r < 0) { | |
342 | if (r == -ENOENT) { | |
343 | log_debug_errno(r, "Couldn't find ESP loader directory, so not updating ESP random seed."); | |
344 | return 0; | |
345 | } | |
346 | return log_error_errno(r, "Failed to open ESP loader directory: %m"); | |
347 | } | |
348 | seed_fd = openat(dir_fd, "random-seed", O_NOFOLLOW|O_RDWR|O_CLOEXEC|O_NOCTTY); | |
349 | if (seed_fd < 0 && errno == ENOENT) { | |
f913c784 | 350 | uint64_t features; |
f913c784 | 351 | r = efi_loader_get_features(&features); |
3daeef08 JD |
352 | if (r == 0 && FLAGS_SET(features, EFI_LOADER_FEATURE_RANDOM_SEED)) |
353 | seed_fd = openat(dir_fd, "random-seed", O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOCTTY, 0600); | |
354 | else { | |
355 | log_debug_errno(seed_fd, "Couldn't find ESP random seed, and not booted with systemd-boot, so not updating ESP random seed."); | |
356 | return 0; | |
f913c784 JD |
357 | } |
358 | } | |
3daeef08 JD |
359 | if (seed_fd < 0) |
360 | return log_error_errno(errno, "Failed to open EFI seed path: %m"); | |
f913c784 JD |
361 | r = random_seed_size(seed_fd, &len); |
362 | if (r < 0) | |
363 | return log_error_errno(r, "Failed to determine EFI seed path length: %m"); | |
364 | seed_file_bytes = malloc(len); | |
365 | if (!seed_file_bytes) | |
366 | return log_oom(); | |
3daeef08 JD |
367 | n = loop_read(seed_fd, seed_file_bytes, len, false); |
368 | if (n < 0) | |
369 | return log_error_errno(n, "Failed to read EFI seed file: %m"); | |
f913c784 JD |
370 | |
371 | /* Hash the old seed in so that we never regress in entropy. */ | |
372 | sha256_init_ctx(&hash_state); | |
3daeef08 JD |
373 | sha256_process_bytes(&n, sizeof(n), &hash_state); |
374 | sha256_process_bytes(seed_file_bytes, n, &hash_state); | |
f913c784 JD |
375 | |
376 | /* We're doing this opportunistically, so if the seeding dance before didn't manage to initialize the | |
377 | * RNG, there's no point in doing it here. Secondly, getrandom(GRND_NONBLOCK) has been around longer | |
378 | * than EFI seeding anyway, so there's no point in having non-getrandom() fallbacks here. So if this | |
379 | * fails, just return early to cut our losses. */ | |
3daeef08 JD |
380 | n = getrandom(buffer, sizeof(buffer), GRND_NONBLOCK); |
381 | if (n < 0) { | |
f913c784 JD |
382 | if (errno == EAGAIN) { |
383 | log_debug_errno(errno, "Random pool not initialized yet, so skipping EFI seed update"); | |
384 | return 0; | |
385 | } | |
386 | if (errno == ENOSYS) { | |
387 | log_debug_errno(errno, "getrandom() not available, so skipping EFI seed update"); | |
388 | return 0; | |
389 | } | |
390 | return log_error_errno(errno, "Failed to generate random bytes for EFI seed: %m"); | |
391 | } | |
3daeef08 | 392 | assert(n == sizeof(buffer)); |
f913c784 JD |
393 | |
394 | /* Hash the new seed into the state containing the old one to generate our final seed. */ | |
3daeef08 JD |
395 | sha256_process_bytes(&n, sizeof(n), &hash_state); |
396 | sha256_process_bytes(buffer, n, &hash_state); | |
f913c784 JD |
397 | sha256_finish_ctx(&hash_state, buffer); |
398 | ||
399 | if (lseek(seed_fd, 0, SEEK_SET) < 0) | |
400 | return log_error_errno(errno, "Failed to seek to beginning of EFI seed file: %m"); | |
401 | r = loop_write(seed_fd, buffer, sizeof(buffer), false); | |
402 | if (r < 0) | |
403 | return log_error_errno(r, "Failed to write new EFI seed file: %m"); | |
404 | if (ftruncate(seed_fd, sizeof(buffer)) < 0) | |
405 | return log_error_errno(errno, "Failed to truncate EFI seed file: %m"); | |
406 | r = fsync_full(seed_fd); | |
407 | if (r < 0) | |
3daeef08 | 408 | return log_error_errno(r, "Failed to fsync EFI seed file: %m"); |
f913c784 JD |
409 | |
410 | log_debug("Updated random seed in ESP"); | |
411 | return 0; | |
412 | } | |
413 | ||
0d0c6639 FB |
414 | static int help(int argc, char *argv[], void *userdata) { |
415 | _cleanup_free_ char *link = NULL; | |
416 | int r; | |
417 | ||
418 | r = terminal_urlify_man("systemd-random-seed", "8", &link); | |
419 | if (r < 0) | |
420 | return log_oom(); | |
421 | ||
422 | printf("%1$s [OPTIONS...] COMMAND\n" | |
423 | "\n%5$sLoad and save the system random seed at boot and shutdown.%6$s\n" | |
424 | "\n%3$sCommands:%4$s\n" | |
425 | " load Load a random seed saved on disk into the kernel entropy pool\n" | |
426 | " save Save a new random seed on disk\n" | |
427 | "\n%3$sOptions:%4$s\n" | |
428 | " -h --help Show this help\n" | |
429 | " --version Show package version\n" | |
430 | "\nSee the %2$s for details.\n", | |
431 | program_invocation_short_name, | |
432 | link, | |
433 | ansi_underline(), | |
434 | ansi_normal(), | |
435 | ansi_highlight(), | |
436 | ansi_normal()); | |
437 | ||
438 | return 0; | |
439 | } | |
440 | ||
441 | static const char* const seed_action_table[_ACTION_MAX] = { | |
442 | [ACTION_LOAD] = "load", | |
443 | [ACTION_SAVE] = "save", | |
444 | }; | |
445 | ||
446 | DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(seed_action, SeedAction); | |
447 | ||
448 | static int parse_argv(int argc, char *argv[]) { | |
449 | enum { | |
450 | ARG_VERSION = 0x100, | |
451 | }; | |
452 | ||
453 | static const struct option options[] = { | |
454 | { "help", no_argument, NULL, 'h' }, | |
455 | { "version", no_argument, NULL, ARG_VERSION }, | |
456 | }; | |
457 | ||
458 | int c; | |
459 | ||
460 | assert(argc >= 0); | |
461 | assert(argv); | |
462 | ||
463 | while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) | |
464 | switch (c) { | |
465 | case 'h': | |
466 | return help(0, NULL, NULL); | |
467 | case ARG_VERSION: | |
468 | return version(); | |
469 | case '?': | |
470 | return -EINVAL; | |
471 | ||
472 | default: | |
473 | assert_not_reached(); | |
474 | } | |
475 | ||
476 | if (optind + 1 != argc) | |
477 | return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "This program requires one argument."); | |
478 | ||
479 | arg_action = seed_action_from_string(argv[optind]); | |
480 | if (arg_action < 0) | |
481 | return log_error_errno(arg_action, "Unknown action '%s'", argv[optind]); | |
482 | ||
483 | return 1; | |
484 | } | |
485 | ||
72d0d7a6 | 486 | static int run(int argc, char *argv[]) { |
d3fa881a | 487 | _cleanup_free_ struct sha256_ctx *hash_state = NULL; |
ce179470 | 488 | _cleanup_close_ int seed_fd = -1, random_fd = -1; |
d3fa881a FB |
489 | bool read_seed_file, write_seed_file, synchronous; |
490 | size_t seed_size; | |
ac93390b | 491 | int r; |
6e200d55 | 492 | |
d2acb93d | 493 | log_setup(); |
6e200d55 | 494 | |
0d0c6639 FB |
495 | r = parse_argv(argc, argv); |
496 | if (r <= 0) | |
497 | return r; | |
72d0d7a6 | 498 | |
4c12626c LP |
499 | umask(0022); |
500 | ||
5468d9af | 501 | r = mkdir_parents(RANDOM_SEED, 0755); |
72d0d7a6 ZJS |
502 | if (r < 0) |
503 | return log_error_errno(r, "Failed to create directory " RANDOM_SEED_DIR ": %m"); | |
b56e5747 | 504 | |
f913c784 JD |
505 | random_fd = open("/dev/urandom", O_RDWR|O_CLOEXEC|O_NOCTTY); |
506 | if (random_fd < 0) | |
507 | return log_error_errno(errno, "Failed to open /dev/urandom: %m"); | |
508 | ||
0d0c6639 FB |
509 | /* When we load the seed we read it and write it to the device and then immediately update the saved |
510 | * seed with new data, to make sure the next boot gets seeded differently. */ | |
6e200d55 | 511 | |
0d0c6639 FB |
512 | switch (arg_action) { |
513 | case ACTION_LOAD: | |
a2f0dbb8 FB |
514 | /* First, let's write the machine ID into /dev/urandom, not crediting entropy. See |
515 | * load_machine_id() for an explanation why. */ | |
516 | load_machine_id(random_fd); | |
517 | ||
ce179470 LP |
518 | seed_fd = open(RANDOM_SEED, O_RDWR|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600); |
519 | if (seed_fd < 0) { | |
15d961bf LP |
520 | int open_rw_error = -errno; |
521 | ||
ac93390b | 522 | write_seed_file = false; |
8edc2d22 | 523 | |
ce179470 LP |
524 | seed_fd = open(RANDOM_SEED, O_RDONLY|O_CLOEXEC|O_NOCTTY); |
525 | if (seed_fd < 0) { | |
8edc2d22 | 526 | bool missing = errno == ENOENT; |
3f6fbfe6 | 527 | int level = missing ? LOG_DEBUG : LOG_ERR; |
8edc2d22 | 528 | |
3f6fbfe6 FB |
529 | log_full_errno(level, open_rw_error, "Failed to open " RANDOM_SEED " for writing: %m"); |
530 | log_full_errno(level, errno, "Failed to open " RANDOM_SEED " for reading: %m"); | |
f913c784 | 531 | r = -errno; |
3f6fbfe6 | 532 | |
f913c784 JD |
533 | (void) refresh_boot_seed(); |
534 | return missing ? 0 : r; | |
6e200d55 | 535 | } |
ac93390b LP |
536 | } else |
537 | write_seed_file = true; | |
6e200d55 | 538 | |
ac93390b | 539 | read_seed_file = true; |
26ded557 | 540 | synchronous = true; /* make this invocation a synchronous barrier for random pool initialization */ |
0d0c6639 | 541 | break; |
6e200d55 | 542 | |
0d0c6639 | 543 | case ACTION_SAVE: |
f913c784 | 544 | (void) refresh_boot_seed(); |
ce179470 | 545 | seed_fd = open(RANDOM_SEED, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600); |
72d0d7a6 ZJS |
546 | if (seed_fd < 0) |
547 | return log_error_errno(errno, "Failed to open " RANDOM_SEED ": %m"); | |
6e200d55 | 548 | |
ac93390b LP |
549 | read_seed_file = false; |
550 | write_seed_file = true; | |
26ded557 | 551 | synchronous = false; |
0d0c6639 FB |
552 | break; |
553 | ||
554 | default: | |
555 | assert_not_reached(); | |
556 | } | |
6e200d55 | 557 | |
d3fa881a | 558 | r = random_seed_size(seed_fd, &seed_size); |
205138d8 FB |
559 | if (r < 0) |
560 | return r; | |
ac93390b | 561 | |
f913c784 | 562 | if (read_seed_file) { |
d3fa881a FB |
563 | r = load_seed_file(seed_fd, random_fd, seed_size, |
564 | write_seed_file ? &hash_state : NULL); | |
f913c784 JD |
565 | (void) refresh_boot_seed(); |
566 | } | |
26ded557 | 567 | |
d3fa881a FB |
568 | if (r >= 0 && write_seed_file) |
569 | r = save_seed_file(seed_fd, random_fd, seed_size, synchronous, hash_state); | |
26ded557 | 570 | |
d3fa881a | 571 | return r; |
6e200d55 | 572 | } |
72d0d7a6 ZJS |
573 | |
574 | DEFINE_MAIN_FUNCTION(run); |