# rc.d metadata and command wiring for the entropy seed service.
# This listing shows only some lines of the script; the leading numbers appear
# to be the script's own line numbers, and the lines between them (including
# the assignment of name) are not visible here.
# rcorder keywords: nojail and shutdown. The shutdown keyword is what lets the
# stop routine run at system shutdown, which is when a fresh seed is written.
9 # KEYWORD: nojail shutdown
# One-line description of the service.
14 desc="Harvest and save entropy for random device"
# start and stop dispatch to random_start and random_stop.
15 start_cmd="random_start"
16 stop_cmd="random_stop"
# saveseed is an extra command bound to ${name}_stop.
# NOTE(review): presumably name is random, which would make saveseed run the
# same routine as stop, so a seed can be written without a shutdown. Confirm
# against the name= line, which is not shown.
18 extra_commands="saveseed"
19 saveseed_cmd="${name}_stop"
# Seed-writing fragment: one 4096-byte block is read from /dev/random into the
# file named by f. The dd command ends in &&, so it continues on lines that are
# not shown in this listing.
# NOTE(review): a saved seed is secret material. Whether the file mode is
# restricted (umask or chmod) and whether the write is synced cannot be seen
# from the lines shown; confirm in the full script.
26 debug "saving entropy to $f"
27 dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
# Seed-feeding fragment: f must be a regular file (-f), readable (-r) and
# non-empty (-s) before its contents are written to /dev/random. The stderr of
# dd is discarded; the success branch logs at debug level and any failure
# branch is not shown.
# NOTE(review): -a inside [ ] is marked obsolescent by POSIX; separate [ ]
# tests joined with && are the unambiguous spelling.
36 if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then
37 if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then
38 debug "entropy read from $f"
# Start-up fragment: configure harvesting, then reseed from stored files.
# The closing fi and esac lines and the case arms are not shown in this listing.
# A positive harvest_mask is written to kern.random.harvest.mask (output
# discarded) and kern.random.harvest.mask_symbolic is then printed.
# NOTE(review): harvest_mask is expanded unquoted; an empty or non-numeric
# value makes the [ ] test report an error instead of comparing. Presumably it
# is always set by configuration; confirm where it is defined.
48 if [ ${harvest_mask} -gt 0 ]; then
49 echo -n 'Setting up harvesting: '
50 ${SYSCTL} kern.random.harvest.mask=${harvest_mask} > /dev/null
51 ${SYSCTL_N} kern.random.harvest.mask_symbolic
54 echo -n 'Feeding entropy: '
# Without write access to /dev/random no stored seed can be fed back, so the
# condition is reported through warn. What follows the warning is not shown.
56 if [ ! -w /dev/random ] ; then
57 warn "/dev/random is not writeable"
61 # Reseed /dev/random with previously stored entropy.
# entropy_dir defaults to /var/db/entropy when unset or empty (:= assigns the
# default). If the directory exists, every entry matched by the glob is handed
# to feed_dev_random.
# NOTE(review): with an empty directory the unexpanded pattern itself is
# passed; presumably the -f test in the feeding code skips it. Confirm.
62 case ${entropy_dir:=/var/db/entropy} in
66 if [ -d "${entropy_dir}" ] ; then
67 feed_dev_random "${entropy_dir}"/*
# entropy_file defaults to /entropy. It and /var/db/entropy-file are fed in,
# then entropy_file is rewritten at once by save_dev_random.
# NOTE(review): presumably the immediate rewrite is there so that a crash or
# power loss before the stop routine runs does not leave the already consumed
# seed to be replayed on the next boot. Confirm intent.
72 case ${entropy_file:=/entropy} in
76 feed_dev_random "${entropy_file}" /var/db/entropy-file
77 save_dev_random "${entropy_file}"
# entropy_boot_file defaults to /boot/entropy and is rewritten the same way.
81 case ${entropy_boot_file:=/boot/entropy} in
85 save_dev_random "${entropy_boot_file}"
# Stop-time fragment that writes the seed file. The comment below is cut short
# in this listing, as are the case arms and the closing fi and esac lines.
94 # Write some entropy so when the machine reboots /dev/random
# entropy_file defaults to /entropy. Any old file is removed, then touch
# probes whether the location is writable; on success that path is recorded in
# entropy_file_confirmed.
# NOTE(review): entropy_file is expanded unquoted in rm and touch but quoted in
# the assignment; quoting it everywhere keeps a configured path containing
# whitespace or glob characters from being split or expanded.
# NOTE(review): the file made by touch takes its mode from the current umask.
# A seed file should not be readable by other users; whether umask is tightened
# beforehand is on lines not shown. Confirm.
97 case ${entropy_file:=/entropy} in
101 echo -n 'Writing entropy file:'
102 rm -f ${entropy_file} 2> /dev/null
105 if touch ${entropy_file} 2> /dev/null; then
106 entropy_file_confirmed="${entropy_file}"
108 # Try this as a reasonable alternative for read-only
109 # roots, diskless workstations, etc.
110 rm -f /var/db/entropy-file 2> /dev/null
111 if touch /var/db/entropy-file 2> /dev/null; then
112 entropy_file_confirmed=/var/db/entropy-file
# Dispatch on whether a writable location was found. The arm patterns are not
# shown; presumably the empty value leads to the first warning and anything
# else to the dd below.
115 case ${entropy_file_confirmed} in
117 warn 'write failed (read-only fs?)'
# One 4096-byte block from /dev/random becomes the new seed. Errors printed by
# dd are discarded, so a failed write is reported only through warn.
120 dd if=/dev/random of=${entropy_file_confirmed} \
121 bs=4096 count=1 2> /dev/null ||
122 warn 'write failed (unwriteable file or full fs?)'
# Stop-time fragment that writes the early boot entropy file. The case arms and
# the closing fi and esac lines are not shown in this listing.
# entropy_boot_file defaults to /boot/entropy. The old file is removed and
# touch probes writability before the path is recorded in
# entropy_boot_file_confirmed. In the lines shown there is no alternative
# location for this file.
# NOTE(review): entropy_boot_file and entropy_boot_file_confirmed are expanded
# unquoted in rm, touch and dd; quoting them keeps a configured path containing
# whitespace or glob characters from being split or expanded.
# NOTE(review): the mode of the created file depends on the umask in effect,
# which is set on lines not shown. This file seeds the generator early in the
# next boot and should not be readable by other users. Confirm.
129 case ${entropy_boot_file:=/boot/entropy} in
133 echo -n 'Writing early boot entropy file:'
134 rm -f ${entropy_boot_file} 2> /dev/null
137 if touch ${entropy_boot_file} 2> /dev/null; then
138 entropy_boot_file_confirmed="${entropy_boot_file}"
# Presumably the empty value leads to the first warning and anything else to
# the dd below; the arm patterns are not shown.
140 case ${entropy_boot_file_confirmed} in
142 warn 'write failed (read-only fs?)'
# One 4096-byte block from /dev/random is written. Errors printed by dd are
# discarded, so a failed write is reported only through warn.
145 dd if=/dev/random of=${entropy_boot_file_confirmed} \
146 bs=4096 count=1 2> /dev/null ||
147 warn 'write failed (unwriteable file or full fs?)'