Verify the firmware of OneRNG devices

Bob Mottram 2015-06-13 14:20:07 +01:00
parent f01aa51560
commit 954fb61e91
1 changed files with 29 additions and 11 deletions


@ -1497,18 +1497,20 @@ function remove_instructions_from_motd {
} }
function check_hwrng { function check_hwrng {
# If hardware random number generation was enabled then make sure that the device exists. if [[ $HWRNG_TYPE == "beaglebone" ]]; then
# if /dev/hwrng is not found then any subsequent cryptographic key generation would # If hardware random number generation was enabled then make sure that the device exists.
# suffer from low entropy and might be insecure # if /dev/hwrng is not found then any subsequent cryptographic key generation would
if [ ! -f /etc/default/rng-tools ]; then # suffer from low entropy and might be insecure
return if [ ! -e /dev/hwrng ]; then
fi ls /dev/hw*
if [ ! -e /dev/hwrng ]; then echo 'The hardware random number generator is enabled but could not be detected on'
ls /dev/hw* echo '/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.'
echo 'The hardware random number generator is enabled but could not be detected on' exit 75
echo '/dev/hwrng. There may be a problem with the installation or the Beaglebone hardware.' fi
exit 75
fi fi
# If a OneRNG device was install then verify its firmware
check_onerng_verification
} }
function get_mariadb_password { function get_mariadb_password {
@ -4736,6 +4738,22 @@ function enable_zram {
echo 'enable_zram' >> $COMPLETION_FILE echo 'enable_zram' >> $COMPLETION_FILE
} }
function check_onerng_verification {
if [[ $HWRNG_TYPE != "onerng" ]]; then
return
fi
echo 'Checking OneRNG firmware verification'
last_onerng_validation=$(cat /var/log/syslog.1 | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
last_onerng_validation=$(cat /var/log/syslog | grep "OneRNG: firmware verification" | awk '/./{line=$0} END{print line}')
if [[ $last_onerng_validation != *"passed OK"* ]]; then
echo $last_onerng_validation
echo 'OneRNG firmware verification failed'
exit 735026
fi
fi
}
function install_onerng { function install_onerng {
apt-get -y install rng-tools at python-gnupg apt-get -y install rng-tools at python-gnupg
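Review bot: In the new check_onerng_verification, a stale pass can mask a newer failure, because the rotated /var/log/syslog.1 is searched first and a "passed OK" line there returns success without ever reading /var/log/syslog. The current log should be read first, falling back to the rotated one only when it holds no verification record, as in the excerpt below. Separately, `exit 735026` is outside the 0–255 range the shell can report; the status is reduced modulo 256, so callers would see 50, and an in-range code in the style of the existing `exit 75` would be clearer. The result is also derived from syslog text, which is generally writable by local processes, so a comment saying this is a log-based check and not a direct verification of the device would help the next reader.

```shell
function check_onerng_verification {
    # … unchanged: HWRNG_TYPE guard and progress message …
    # Most recent record wins: look at the live log first, and only fall back
    # to the rotated log when the live one has no verification entry at all.
    last_onerng_validation=$(grep "OneRNG: firmware verification" /var/log/syslog | tail -n 1)
    if [ -z "$last_onerng_validation" ]; then
        last_onerng_validation=$(grep "OneRNG: firmware verification" /var/log/syslog.1 | tail -n 1)
    fi
    if [[ $last_onerng_validation != *"passed OK"* ]]; then
        echo "$last_onerng_validation"
        # … unchanged: failure message; exit with a status in 1-255 …
    fi
}
```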