[OE-core] [PATCH] rng-tools: Fix crazy defaults
Richard Purdie
richard.purdie at linuxfoundation.org
Tue Mar 5 22:25:18 UTC 2019
On Tue, 2019-03-05 at 07:03 +0000, Rasmus Villemoes wrote:
> On 09/11/2018 09.54, Hongxu Jia wrote:
> > Before=sysinit.target
> >
> > [Service]
> > -ExecStart=@SBINDIR@/rngd -f -r /dev/urandom
> > +ExecStart=@SBINDIR@/rngd -f -r /dev/hwrng
> > SuccessExitStatus=66
> >
> > [Install]
> >
>
> This has been applied to master, but please apply this to thud as
> well -
> feeding the kernel's entropy pool from that same entropy pool is of
> course utter nonsense, but since rngd is also _crediting those bytes
> with providing real bits of entropy_ (ioctl RNDADDENTROPY) makes it a
> security issue.
Thanks for pointing this out, I've backported this to thud after
discussion with Armin.
Cheers,
Richard
More information about the Openembedded-core
mailing list