# rc.d metadata and command wiring for the entropy seed script. This listing
# is an excerpt: the gutter numbers skip, so lines of the file are elided.
# KEYWORD "nojail" keeps the script from running inside jails; "shutdown"
# makes rc run it at system shutdown as well.
9 # KEYWORD: nojail shutdown
14 desc="Harvest and save entropy for random device"
# start and stop are dispatched to the random_start / random_stop functions.
15 start_cmd="random_start"
16 stop_cmd="random_stop"
# "saveseed" is an extra command that reuses the stop handler, so a seed can
# be written without shutting down.
# NOTE(review): ${name}_stop resolves to random_stop only if name="random";
# the assignment of name is not shown in this excerpt -- confirm.
18 extra_commands="saveseed"
19 saveseed_cmd="${name}_stop"
# Seed-saving step, presumably the body of save_dev_random (the function
# header and whatever sets $f are elided from this excerpt).
26 debug "saving entropy to $f"
# Read one 4096-byte block from /dev/random into the seed file. The steps are
# chained with && so a failed write stops the sequence. The chflags subshell
# ends in "|| :" and discards stderr, so a chflags failure does not break the
# chain.
# NOTE(review): original line 29 is elided here. The seed file is secret
# material: anyone who can read it learns input that will be fed to the RNG
# at next boot. Confirm the elided lines restrict it to root (umask/chmod).
27 dd if=/dev/random of="$f" bs=4096 count=1 status=none &&
28 ( chflags nodump "$f" 2>/dev/null || : ) &&
# fsync is given both the file and its parent directory, so the data and the
# directory entry are flushed to disk before the command returns.
30 fsync "$f" "$(dirname "$f")"
# Seed-feeding step, presumably from feed_dev_random (header elided).
# Only a regular (-f), readable (-r), non-empty (-s) file is fed.
# NOTE(review): "-a" inside [ ] is marked obsolescent by POSIX; separate
# tests joined with && avoid its parsing ambiguities.
38 if [ -f "$f" -a -r "$f" -a -s "$f" ] ; then
# The file is written into /dev/random in 4096-byte blocks. dd's stderr is
# discarded, so only its exit status decides whether the debug line is logged.
39 if dd if="$f" of=/dev/random bs=4096 2>/dev/null ; then
40 debug "entropy read from $f"
# NOTE(review): the lines after 40 are elided. A seed that has been fed must
# not be fed again unchanged on a later boot; confirm the file is removed or
# overwritten once it has been consumed.
# Start-time sequence, presumably the body of random_start (header, case
# arms and closing fi/esac lines are elided from this excerpt).
# If harvest_mask is set, apply it to kern.random.harvest.mask and print the
# symbolic form of the resulting mask.
# NOTE(review): ${harvest_mask} is expanded unquoted; presumably it comes
# from rc.conf and is administrator-controlled -- confirm.
50 if [ -n "${harvest_mask}" ]; then
51 echo -n 'Setting up harvesting: '
52 ${SYSCTL} kern.random.harvest.mask=${harvest_mask} > /dev/null
53 ${SYSCTL_N} kern.random.harvest.mask_symbolic
56 echo -n 'Feeding entropy: '
# Warn when the device cannot be written; what happens after the warning
# (return vs. continue) is not shown.
58 if [ ! -w /dev/random ] ; then
59 warn "/dev/random is not writeable"
63 # Reseed /dev/random with previously stored entropy.
# entropy_dir defaults to /var/db/entropy via ":=". Every entry in the
# directory is handed to feed_dev_random through the glob.
# NOTE(review): if the directory is empty the unmatched pattern is passed
# literally; presumably the callee's -f test rejects it -- confirm.
64 case ${entropy_dir:=/var/db/entropy} in
68 if [ -d "${entropy_dir}" ] ; then
69 feed_dev_random "${entropy_dir}"/*
# entropy_file defaults to /entropy. It is fed together with the fallback
# /var/db/entropy-file, then immediately rewritten with a fresh seed so the
# consumed one is not reused. The fallback file is not rewritten by the
# lines visible here.
74 case ${entropy_file:=/entropy} in
78 feed_dev_random "${entropy_file}" /var/db/entropy-file
79 save_dev_random "${entropy_file}"
# entropy_boot_file defaults to /boot/entropy and also receives a fresh seed.
83 case ${entropy_boot_file:=/boot/entropy} in
87 save_dev_random "${entropy_boot_file}"
# Stop-time sequence, presumably the body of random_stop (header, case arms
# and closing fi/esac lines are elided; the comment below is cut short by
# the excerpt).
96 # Write some entropy so when the machine reboots /dev/random
99 case ${entropy_file:=/entropy} in
103 echo -n 'Writing entropy file: '
# Remove any old seed, then use touch as a writability probe for the path.
# NOTE(review): ${entropy_file} is unquoted in rm and touch, so a configured
# path containing whitespace or glob characters would be split or expanded.
# NOTE(review): original lines 105-106 are elided. touch creates the file
# before dd fills it; confirm a restrictive umask is in effect at that point
# so the seed file never exists with a world-readable mode.
104 rm -f ${entropy_file} 2> /dev/null
107 if touch ${entropy_file} 2> /dev/null; then
108 entropy_file_confirmed="${entropy_file}"
110 # Try this as a reasonable alternative for read-only
111 # roots, diskless workstations, etc.
112 rm -f /var/db/entropy-file 2> /dev/null
113 if touch /var/db/entropy-file 2> /dev/null; then
114 entropy_file_confirmed=/var/db/entropy-file
# entropy_file_confirmed holds whichever path passed the touch probe. The
# case arms are elided; the visible lines warn on one arm and save the seed
# on the other.
117 case ${entropy_file_confirmed} in
119 warn 'write failed (read-only fs?)'
122 save_dev_random "${entropy_file_confirmed}"
# Same remove / probe / save sequence for the early-boot seed. No fallback
# location is visible for this file, and the same quoting and umask review
# notes apply to the rm and touch lines below.
129 case ${entropy_boot_file:=/boot/entropy} in
133 echo -n 'Writing early boot entropy file: '
134 rm -f ${entropy_boot_file} 2> /dev/null
137 if touch ${entropy_boot_file} 2> /dev/null; then
138 entropy_boot_file_confirmed="${entropy_boot_file}"
140 case ${entropy_boot_file_confirmed} in
142 warn 'write failed (read-only fs?)'
145 save_dev_random "${entropy_boot_file_confirmed}"