Let the kernel hwrng thread manage hw_random mixing.
This has been something the kernel does automatically since 2014, so
there's no obvious reason to add extra work during boot to duplicate
that effort.
Bug: http://b/179086242
Test: treehugger
Change-Id: I44cce99a892e4f2a6a303c2126bd29f955f5fb23
diff --git a/init/init.cpp b/init/init.cpp
index ca2d5da..0c752a9 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -902,7 +902,6 @@
am.QueueBuiltinAction(wait_for_coldboot_done_action, "wait_for_coldboot_done");
am.QueueBuiltinAction(TransitionSnapuserdAction, "TransitionSnapuserd");
// ... so that we can start queuing up actions that require stuff from /dev.
- am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
am.QueueBuiltinAction(SetMmapRndBitsAction, "SetMmapRndBits");
Keychords keychords;
am.QueueBuiltinAction(
@@ -918,10 +917,6 @@
// Trigger all the boot actions to get us started.
am.QueueEventTrigger("init");
- // Repeat mix_hwrng_into_linux_rng in case /dev/hw_random or /dev/random
- // wasn't ready immediately after wait_for_coldboot_done
- am.QueueBuiltinAction(MixHwrngIntoLinuxRngAction, "MixHwrngIntoLinuxRng");
-
// Don't mount filesystems or start core system services in charger mode.
std::string bootmode = GetProperty("ro.bootmode", "");
if (bootmode == "charger") {
diff --git a/init/security.cpp b/init/security.cpp
index ac784a3..970696e 100644
--- a/init/security.cpp
+++ b/init/security.cpp
@@ -36,59 +36,6 @@
namespace android {
namespace init {
-// Writes 512 bytes of output from Hardware RNG (/dev/hw_random, backed
-// by Linux kernel's hw_random framework) into Linux RNG's via /dev/urandom.
-// Does nothing if Hardware RNG is not present.
-//
-// Since we don't yet trust the quality of Hardware RNG, these bytes are not
-// mixed into the primary pool of Linux RNG and the entropy estimate is left
-// unmodified.
-//
-// If the HW RNG device /dev/hw_random is present, we require that at least
-// 512 bytes read from it are written into Linux RNG. QA is expected to catch
-// devices/configurations where these I/O operations are blocking for a long
-// time. We do not reboot or halt on failures, as this is a best-effort
-// attempt.
-Result<void> MixHwrngIntoLinuxRngAction(const BuiltinArguments&) {
- unique_fd hwrandom_fd(
- TEMP_FAILURE_RETRY(open("/dev/hw_random", O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
- if (hwrandom_fd == -1) {
- if (errno == ENOENT) {
- LOG(INFO) << "/dev/hw_random not found";
- // It's not an error to not have a Hardware RNG.
- return {};
- }
- return ErrnoError() << "Failed to open /dev/hw_random";
- }
-
- unique_fd urandom_fd(
- TEMP_FAILURE_RETRY(open("/dev/urandom", O_WRONLY | O_NOFOLLOW | O_CLOEXEC)));
- if (urandom_fd == -1) {
- return ErrnoError() << "Failed to open /dev/urandom";
- }
-
- char buf[512];
- size_t total_bytes_written = 0;
- while (total_bytes_written < sizeof(buf)) {
- ssize_t chunk_size =
- TEMP_FAILURE_RETRY(read(hwrandom_fd, buf, sizeof(buf) - total_bytes_written));
- if (chunk_size == -1) {
- return ErrnoError() << "Failed to read from /dev/hw_random";
- } else if (chunk_size == 0) {
- return Error() << "Failed to read from /dev/hw_random: EOF";
- }
-
- chunk_size = TEMP_FAILURE_RETRY(write(urandom_fd, buf, chunk_size));
- if (chunk_size == -1) {
- return ErrnoError() << "Failed to write to /dev/urandom";
- }
- total_bytes_written += chunk_size;
- }
-
- LOG(INFO) << "Mixed " << total_bytes_written << " bytes from /dev/hw_random into /dev/urandom";
- return {};
-}
-
static bool SetHighestAvailableOptionValue(const std::string& path, int min, int max) {
std::ifstream inf(path, std::fstream::in);
if (!inf) {
diff --git a/init/security.h b/init/security.h
index 43c2739..e8bec6a 100644
--- a/init/security.h
+++ b/init/security.h
@@ -26,7 +26,6 @@
namespace android {
namespace init {
-Result<void> MixHwrngIntoLinuxRngAction(const BuiltinArguments&);
Result<void> SetMmapRndBitsAction(const BuiltinArguments&);
Result<void> SetKptrRestrictAction(const BuiltinArguments&);
Result<void> TestPerfEventSelinuxAction(const BuiltinArguments&);