diff options
author | Lennart Poettering <lennart@poettering.net> | 2022-12-20 16:18:11 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-01-04 15:18:10 +0100 |
commit | 29d487adb4ce70cc87a09ce2003d29789b2b4c3f (patch) | |
tree | adf828c2b70908e622ff4461cbcb4406a01aceba | |
parent | sha256: add helper than hashes a buffer *and* its size (diff) | |
download | systemd-29d487adb4ce70cc87a09ce2003d29789b2b4c3f.tar.xz systemd-29d487adb4ce70cc87a09ce2003d29789b2b4c3f.zip |
random-seed: don't refresh EFI random seed from random-seed.c anymore
The ESP is simply not mounted early enough for this. We want that the
regular random seed handling runs as early as we possibly could, but we
don't want to delay this until the ESP is actually mounted.
Hence, let's remove this from random-seed.c here. A follow-up commit
will then add this back in, in a separate service which just calls
"bootctl random-seed".
Effectively reverts: f913c784ad4c93894fd6cb2590738113dff5a694
Fixes: #25769
-rw-r--r-- | src/random-seed/random-seed.c | 111 |
1 files changed, 2 insertions, 109 deletions
diff --git a/src/random-seed/random-seed.c b/src/random-seed/random-seed.c index a50fdc12ae..c3353e5518 100644 --- a/src/random-seed/random-seed.c +++ b/src/random-seed/random-seed.c @@ -16,10 +16,7 @@ #include "alloc-util.h" #include "build.h" -#include "chase-symlinks.h" -#include "efi-loader.h" #include "fd-util.h" -#include "find-esp.h" #include "fs-util.h" #include "io-util.h" #include "log.h" @@ -27,17 +24,13 @@ #include "missing_random.h" #include "missing_syscall.h" #include "mkdir.h" -#include "parse-argument.h" #include "parse-util.h" -#include "path-util.h" #include "pretty-print.h" #include "random-util.h" #include "string-table.h" #include "string-util.h" -#include "strv.h" #include "sync-util.h" #include "sha256.h" -#include "terminal-util.h" #include "xattr-util.h" typedef enum SeedAction { @@ -313,100 +306,6 @@ static int save_seed_file( return 0; } -static int refresh_boot_seed(void) { - uint8_t buffer[RANDOM_EFI_SEED_SIZE]; - struct sha256_ctx hash_state; - _cleanup_free_ void *seed_file_bytes = NULL; - _cleanup_free_ char *esp_path = NULL; - _cleanup_close_ int seed_fd = -EBADF, dir_fd = -EBADF; - size_t len; - ssize_t n; - int r; - - assert_cc(RANDOM_EFI_SEED_SIZE == SHA256_DIGEST_SIZE); - - r = find_esp_and_warn(NULL, NULL, /* unprivileged_mode= */ false, &esp_path, - NULL, NULL, NULL, NULL, NULL); - if (r < 0) { - if (r == -ENOKEY) { - log_debug_errno(r, "Couldn't find any ESP, so not updating ESP random seed."); - return 0; - } - return r; /* find_esp_and_warn() already logged */ - } - - r = chase_symlinks("/loader", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, NULL, &dir_fd); - if (r < 0) { - if (r == -ENOENT) { - log_debug_errno(r, "Couldn't find ESP loader directory, so not updating ESP random seed."); - return 0; - } - return log_error_errno(r, "Failed to open ESP loader directory: %m"); - } - seed_fd = openat(dir_fd, "random-seed", O_NOFOLLOW|O_RDWR|O_CLOEXEC|O_NOCTTY); - if (seed_fd < 0 && errno == ENOENT) { - uint64_t features; - r = efi_loader_get_features(&features); - if (r == 0 && FLAGS_SET(features, EFI_LOADER_FEATURE_RANDOM_SEED)) - seed_fd = openat(dir_fd, "random-seed", O_CREAT|O_EXCL|O_RDWR|O_CLOEXEC|O_NOCTTY, 0600); - else { - log_debug_errno(seed_fd, "Couldn't find ESP random seed, and not booted with systemd-boot, so not updating ESP random seed."); - return 0; - } - } - if (seed_fd < 0) - return log_error_errno(errno, "Failed to open EFI seed path: %m"); - r = random_seed_size(seed_fd, &len); - if (r < 0) - return log_error_errno(r, "Failed to determine EFI seed path length: %m"); - seed_file_bytes = malloc(len); - if (!seed_file_bytes) - return log_oom(); - n = loop_read(seed_fd, seed_file_bytes, len, false); - if (n < 0) - return log_error_errno(n, "Failed to read EFI seed file: %m"); - - /* Hash the old seed in so that we never regress in entropy. */ - sha256_init_ctx(&hash_state); - sha256_process_bytes_and_size(seed_file_bytes, n, &hash_state); - - /* We're doing this opportunistically, so if the seeding dance before didn't manage to initialize the - * RNG, there's no point in doing it here. Secondly, getrandom(GRND_NONBLOCK) has been around longer - * than EFI seeding anyway, so there's no point in having non-getrandom() fallbacks here. So if this - * fails, just return early to cut our losses. */ - n = getrandom(buffer, sizeof(buffer), GRND_NONBLOCK); - if (n < 0) { - if (errno == EAGAIN) { - log_debug_errno(errno, "Random pool not initialized yet, so skipping EFI seed update"); - return 0; - } - if (errno == ENOSYS) { - log_debug_errno(errno, "getrandom() not available, so skipping EFI seed update"); - return 0; - } - return log_error_errno(errno, "Failed to generate random bytes for EFI seed: %m"); - } - assert(n == sizeof(buffer)); - - /* Hash the new seed into the state containing the old one to generate our final seed. */ - sha256_process_bytes_and_size(buffer, n, &hash_state); - sha256_finish_ctx(&hash_state, buffer); - - if (lseek(seed_fd, 0, SEEK_SET) < 0) - return log_error_errno(errno, "Failed to seek to beginning of EFI seed file: %m"); - r = loop_write(seed_fd, buffer, sizeof(buffer), false); - if (r < 0) - return log_error_errno(r, "Failed to write new EFI seed file: %m"); - if (ftruncate(seed_fd, sizeof(buffer)) < 0) - return log_error_errno(errno, "Failed to truncate EFI seed file: %m"); - r = fsync_full(seed_fd); - if (r < 0) - return log_error_errno(r, "Failed to fsync EFI seed file: %m"); - - log_debug("Updated random seed in ESP"); - return 0; -} - static int help(int argc, char *argv[], void *userdata) { _cleanup_free_ char *link = NULL; int r; @@ -524,10 +423,7 @@ static int run(int argc, char *argv[]) { log_full_errno(level, open_rw_error, "Failed to open " RANDOM_SEED " for writing: %m"); log_full_errno(level, errno, "Failed to open " RANDOM_SEED " for reading: %m"); - r = -errno; - - (void) refresh_boot_seed(); - return missing ? 0 : r; + return missing ? 0 : -errno; } } else write_seed_file = true; @@ -537,7 +433,6 @@ static int run(int argc, char *argv[]) { break; case ACTION_SAVE: - (void) refresh_boot_seed(); seed_fd = open(RANDOM_SEED, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_CREAT, 0600); if (seed_fd < 0) return log_error_errno(errno, "Failed to open " RANDOM_SEED ": %m"); @@ -555,11 +450,9 @@ static int run(int argc, char *argv[]) { if (r < 0) return r; - if (read_seed_file) { + if (read_seed_file) r = load_seed_file(seed_fd, random_fd, seed_size, write_seed_file ? &hash_state : NULL); - (void) refresh_boot_seed(); - } if (r >= 0 && write_seed_file) r = save_seed_file(seed_fd, random_fd, seed_size, synchronous, hash_state); |