mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-06 13:17:44 +03:00
random-seed: don't refresh EFI random seed from random-seed.c anymore
The ESP is simply not mounted early enough for this. We want that the
regular random seed handling runs as early as we possibly could, but we
don't want to delay this until the ESP is actually mounted.
Hence, let's remove this from random-seed.c here. A follow-up commit
will then add this back in, in a separate service which just calls
"bootctl random-seed".
Effectively reverts: f913c784ad
Fixes: #25769
This commit is contained in:
parent
a16c65f3c4
commit
29d487adb4
@ -16,10 +16,7 @@
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "build.h"
|
||||
#include "chase-symlinks.h"
|
||||
#include "efi-loader.h"
|
||||
#include "fd-util.h"
|
||||
#include "find-esp.h"
|
||||
#include "fs-util.h"
|
||||
#include "io-util.h"
|
||||
#include "log.h"
|
||||
@ -27,17 +24,13 @@
|
||||
#include "missing_random.h"
|
||||
#include "missing_syscall.h"
|
||||
#include "mkdir.h"
|
||||
#include "parse-argument.h"
|
||||
#include "parse-util.h"
|
||||
#include "path-util.h"
|
||||
#include "pretty-print.h"
|
||||
#include "random-util.h"
|
||||
#include "string-table.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
#include "sync-util.h"
|
||||
#include "sha256.h"
|
||||
#include "terminal-util.h"
|
||||
#include "xattr-util.h"
|
||||
|
||||
typedef enum SeedAction {
|
||||
@ -313,100 +306,6 @@ static int save_seed_file(
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int refresh_boot_seed(void) {
|
||||
uint8_t buffer[RANDOM_EFI_SEED_SIZE];
|
||||
struct sha256_ctx hash_state;
|
||||
_cleanup_free_ void *seed_file_bytes = NULL;
|
||||
_cleanup_free_ char *esp_path = NULL;
|
||||
_cleanup_close_ int seed_fd = -EBADF, dir_fd = -EBADF;
|
||||
size_t len;
|
||||
ssize_t n;
|
||||
int r;
|
||||
|
||||
assert_cc(RANDOM_EFI_SEED_SIZE == SHA256_DIGEST_SIZE);
|
||||
|
||||
r = find_esp_and_warn(NULL, NULL, /* unprivileged_mode= */ false, &esp_path,
|
||||
NULL, NULL, NULL, NULL, NULL);
|
||||
if (r < 0) {
|
||||
if (r == -ENOKEY) {
|
||||
log_debug_errno(r, "Couldn't find any ESP, so not updating ESP random seed.");
|
||||
return 0;
|
||||
}
|
||||
return r; /* find_esp_and_warn() already logged */
|
||||
}
|
||||
|
||||
r = chase_symlinks("/loader", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, NULL, &dir_fd);
|
||||
if (r < 0) {
|
||||
if (r == -ENOENT) {
|
||||
log_debug_errno(r, "Couldn't find ESP loader directory, so not updating ESP random seed.");
|
||||
return 0;
|
||||
}
|
||||
return log_error_errno(r, "Failed to open ESP loader directory: %m");
|
||||
}
|
||||
seed_fd = openat(dir_fd, "random-seed", O_NOFOLLOW|O_RDWR|O_CLOEXEC|O_NOCTTY);
|
||||
if (seed_fd < 0 && errno == ENOENT) {
|
||||
uint64_t features;
|
||||
r = efi_loader_get_features(&features);
|
||||
if (r == 0 && FLAGS_SET(features, EFI_LOADER_FEATURE_RANDOM_SEED))
|
||||
seed_fd = openat(dir_fd, "random-seed", O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOCTTY, 0600);
|
||||
else {
|
||||
log_debug_errno(seed_fd, "Couldn't find ESP random seed, and not booted with systemd-boot, so not updating ESP random seed.");
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (seed_fd < 0)
|
||||
return log_error_errno(errno, "Failed to open EFI seed path: %m");
|
||||
r = random_seed_size(seed_fd, &len);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to determine EFI seed path length: %m");
|
||||
seed_file_bytes = malloc(len);
|
||||
if (!seed_file_bytes)
|
||||
return log_oom();
|
||||
n = loop_read(seed_fd, seed_file_bytes, len, false);
|
||||
if (n < 0)
|
||||
return log_error_errno(n, "Failed to read EFI seed file: %m");
|
||||
|
||||
/* Hash the old seed in so that we never regress in entropy. */
|
||||
sha256_init_ctx(&hash_state);
|
||||
sha256_process_bytes_and_size(seed_file_bytes, n, &hash_state);
|
||||
|
||||
/* We're doing this opportunistically, so if the seeding dance before didn't manage to initialize the
|
||||
* RNG, there's no point in doing it here. Secondly, getrandom(GRND_NONBLOCK) has been around longer
|
||||
* than EFI seeding anyway, so there's no point in having non-getrandom() fallbacks here. So if this
|
||||
* fails, just return early to cut our losses. */
|
||||
n = getrandom(buffer, sizeof(buffer), GRND_NONBLOCK);
|
||||
if (n < 0) {
|
||||
if (errno == EAGAIN) {
|
||||
log_debug_errno(errno, "Random pool not initialized yet, so skipping EFI seed update");
|
||||
return 0;
|
||||
}
|
||||
if (errno == ENOSYS) {
|
||||
log_debug_errno(errno, "getrandom() not available, so skipping EFI seed update");
|
||||
return 0;
|
||||
}
|
||||
return log_error_errno(errno, "Failed to generate random bytes for EFI seed: %m");
|
||||
}
|
||||
assert(n == sizeof(buffer));
|
||||
|
||||
/* Hash the new seed into the state containing the old one to generate our final seed. */
|
||||
sha256_process_bytes_and_size(buffer, n, &hash_state);
|
||||
sha256_finish_ctx(&hash_state, buffer);
|
||||
|
||||
if (lseek(seed_fd, 0, SEEK_SET) < 0)
|
||||
return log_error_errno(errno, "Failed to seek to beginning of EFI seed file: %m");
|
||||
r = loop_write(seed_fd, buffer, sizeof(buffer), false);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to write new EFI seed file: %m");
|
||||
if (ftruncate(seed_fd, sizeof(buffer)) < 0)
|
||||
return log_error_errno(errno, "Failed to truncate EFI seed file: %m");
|
||||
r = fsync_full(seed_fd);
|
||||
if (r < 0)
|
||||
return log_error_errno(r, "Failed to fsync EFI seed file: %m");
|
||||
|
||||
log_debug("Updated random seed in ESP");
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int help(int argc, char *argv[], void *userdata) {
|
||||
_cleanup_free_ char *link = NULL;
|
||||
int r;
|
||||
@ -524,10 +423,7 @@ static int run(int argc, char *argv[]) {
|
||||
|
||||
log_full_errno(level, open_rw_error, "Failed to open " RANDOM_SEED " for writing: %m");
|
||||
log_full_errno(level, errno, "Failed to open " RANDOM_SEED " for reading: %m");
|
||||
r = -errno;
|
||||
|
||||
(void) refresh_boot_seed();
|
||||
return missing ? 0 : r;
|
||||
return missing ? 0 : -errno;
|
||||
}
|
||||
} else
|
||||
write_seed_file = true;
|
||||
@ -537,7 +433,6 @@ static int run(int argc, char *argv[]) {
|
||||
break;
|
||||
|
||||
case ACTION_SAVE:
|
||||
(void) refresh_boot_seed();
|
||||
seed_fd = open(RANDOM_SEED, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600);
|
||||
if (seed_fd < 0)
|
||||
return log_error_errno(errno, "Failed to open " RANDOM_SEED ": %m");
|
||||
@ -555,11 +450,9 @@ static int run(int argc, char *argv[]) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
if (read_seed_file) {
|
||||
if (read_seed_file)
|
||||
r = load_seed_file(seed_fd, random_fd, seed_size,
|
||||
write_seed_file ? &hash_state : NULL);
|
||||
(void) refresh_boot_seed();
|
||||
}
|
||||
|
||||
if (r >= 0 && write_seed_file)
|
||||
r = save_seed_file(seed_fd, random_fd, seed_size, synchronous, hash_state);
|
||||
|
Loading…
Reference in New Issue
Block a user