[OE-core] [PATCH] rng-tools: Fix crazy defaults
Rasmus Villemoes
rasmus.villemoes at prevas.dk
Tue Mar 5 07:03:04 UTC 2019
On 09/11/2018 09.54, Hongxu Jia wrote:
> Since commit [f1dc9ac rng-tools: Fix crazy defaults] fixed
> init based on sysvinit, this fix rngd.service based on systemd.
>
> Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> ---
> meta/recipes-support/rng-tools/rng-tools/rngd.service | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-support/rng-tools/rng-tools/rngd.service b/meta/recipes-support/rng-tools/rng-tools/rngd.service
> index cb81024..f0355db 100644
> --- a/meta/recipes-support/rng-tools/rng-tools/rngd.service
> +++ b/meta/recipes-support/rng-tools/rng-tools/rngd.service
> @@ -5,7 +5,7 @@ After=systemd-udev-settle.service
> Before=sysinit.target
>
> [Service]
> -ExecStart=@SBINDIR@/rngd -f -r /dev/urandom
> +ExecStart=@SBINDIR@/rngd -f -r /dev/hwrng
> SuccessExitStatus=66
>
> [Install]
>
This has been applied to master, but please apply this to thud as well -
feeding the kernel's entropy pool from that same entropy pool is of
course utter nonsense, but since rngd is also _crediting those bytes
with providing real bits of entropy_ (ioctl RNDADDENTROPY) makes it a
security issue.
Rasmus
More information about the Openembedded-core
mailing list