diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-11-16 19:34:53 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-11-17 12:22:32 +0100 |
commit | 5d29d07b342397a8ecc4bea96f53595a03dd94f1 (patch) | |
tree | a7f85e959e02de3fbf4d8bcfb3dcda9058e5180c /src/boot | |
parent | random-seed: handle post-merge review nits (diff) | |
download | systemd-5d29d07b342397a8ecc4bea96f53595a03dd94f1.tar.xz systemd-5d29d07b342397a8ecc4bea96f53595a03dd94f1.zip |
boot: do not truncate random seed file
There are concerns about the FAT file system driver exploding if we try
to do this, so just leave the bytes zeroed out instead.
Diffstat (limited to 'src/boot')
-rw-r--r-- | src/boot/efi/random-seed.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c index 02f4dfbc7f..e6a317860d 100644 --- a/src/boot/efi/random-seed.c +++ b/src/boot/efi/random-seed.c @@ -263,7 +263,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { sha256_finish_ctx(&hash, random_bytes); size = sizeof(random_bytes); - /* If the file size is too large, zero out the remaining bytes on disk, and then truncate. */ + /* If the file size is too large, zero out the remaining bytes on disk. */ if (size < info->FileSize) { err = handle->SetPosition(handle, size); if (err != EFI_SUCCESS) @@ -280,10 +280,17 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { err = handle->SetPosition(handle, 0); if (err != EFI_SUCCESS) return log_error_status_stall(err, L"Failed to seek to beginning of random seed file: %r", err); - info->FileSize = size; - err = handle->SetInfo(handle, &GenericFileInfo, info->Size, info); - if (err != EFI_SUCCESS) - return log_error_status_stall(err, L"Failed to truncate random seed file: %r", err); + + /* We could truncate the file here with something like: + * + * info->FileSize = size; + * err = handle->SetInfo(handle, &GenericFileInfo, info->Size, info); + * if (err != EFI_SUCCESS) + * return log_error_status_stall(err, L"Failed to truncate random seed file: %r", err); + * + * But this is considered slightly risky, because EFI filesystem drivers are a little bit + * flimsy. So instead we rely on userspace eventually truncating this when it writes a new + * seed. For now the best we do is zero it. */ } /* Update the random seed on disk before we use it */ wsize = size; |