Age | Commit message | Author | Files | Lines |
|
With rng-tools being removed by default, it should not be present in
any meta-google machine. Remove the configuration for it which would
be unused.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I47b849b55b65f0fb5c8963a7e2d6319ebc44b35f
|
|
Due to the rng-tools systemd/sysvinit service being split into a package
during the subtree update, add the corresponding suffix to resolve
the compile error.
Change-Id: I66930d75d081fc84e33ccdcff4d32ee2d3d36326
Signed-off-by: David Wang <davidwang@quantatw.com>
|
|
Upstream has changed the service name from `rngd.service` to
`rng-tools.service`. Change the name of the "nojitter" service
to match.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ie7cef3f0b9106db38e6a399494a85d7e5fc5e3eb
|
|
We want to remove wget from busybox so we need an alternate fetcher.
Tested: Ran locally against an installer URL to verify the behavior
Change-Id: Ib3a00002d7d2d02bd6b29e24f0dbe2c7c9243514
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
rngd will exit with a failure code if none of the provided entropy
schemes are present. This enables us to start a fallback service if the
hwrng is not present.
Tested:
```
$ cat /lib/systemd/system/rngd-nojitter.service
[Unit]
OnFailure=rngd.service
Conflicts=rngd.service
Description=Hardware RNG Entropy Gatherer Daemon
DefaultDependencies=no
After=systemd-udev-settle.service
Before=sysinit.target shutdown.target
Wants=systemd-udev-settle.service
Conflicts=shutdown.target
[Service]
EnvironmentFile=-/etc/default/rng-tools
ExecStart=/usr/sbin/rngd -f -x jitter $EXTRA_ARGS
CapabilityBoundingSet=CAP_SYS_ADMIN
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
[Install]
WantedBy=sysinit.target
$ cat /lib/systemd/system/rngd.service
[Unit]
Description=Hardware RNG Entropy Gatherer Daemon
DefaultDependencies=no
After=systemd-udev-settle.service
Before=sysinit.target shutdown.target
Wants=systemd-udev-settle.service
Conflicts=shutdown.target
[Service]
EnvironmentFile=-/etc/default/rng-tools
ExecStart=/usr/sbin/rngd -f $EXTRA_ARGS
CapabilityBoundingSet=CAP_SYS_ADMIN
IPAddressDeny=any
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=@system-service
[Install]
```
Change-Id: I0ccc4ca88818b1944fe3c7914671550654980791
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Set jitter to use only a single thread. gBMC systems will always have at least
2 CPUs, so it won't take up everything.
Change-Id: I43215a4ebca680d3d340062cc9f99a33ab36a60f
Signed-off-by: Willy Tu <wltu@google.com>
|
|
This saved 49152 bytes of compressed image space in our platform.
Signed-off-by: Josh Lehan <krellan@google.com>
Signed-off-by: Brandon Kim <brandonkim@google.com>
Change-Id: I4b5b4c7cd2bfffb9720bae02624519ee10ca73af
|
|
This saved 49152 bytes of compressed image space in our platform.
Signed-off-by: Josh Lehan <krellan@google.com>
Signed-off-by: Brandon Kim <brandonkim@google.com>
Change-Id: I40016cffd8586bbcda1cc45ec968efd35c8f4188
|