Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qubes-random-seed: feed kernel rng with randomness from dom0

Browse Source
This commit is contained in:
HW42 2015-07-01 19:44:46 +02:00 committed by Marek Marczykowski-Górecki
parent 063b436b03
commit 912d4c1447
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
core-modules/000QubesVm.py
View File

@ -23,6 +23,8 @@
# #
import datetime import datetime
import base64
import hashlib
import logging import logging
import lxml.etree import lxml.etree
import os import os
@ -1072,6 +1074,8 @@ class QubesVm(object):
self.qdb.write("/qubes-debug-mode", str(int(self.debug))) self.qdb.write("/qubes-debug-mode", str(int(self.debug)))
self.provide_random_seed_to_vm()
# TODO: Currently the whole qmemman is quite Xen-specific, so stay with # TODO: Currently the whole qmemman is quite Xen-specific, so stay with
# xenstore for it until decided otherwise # xenstore for it until decided otherwise
if qmemman_present: if qmemman_present:
@ -1082,6 +1086,14 @@ class QubesVm(object):
for hook in self.hooks_create_qubesdb_entries: for hook in self.hooks_create_qubesdb_entries:
hook(self) hook(self)
def provide_random_seed_to_vm(self):
f = open('/dev/urandom', 'r')
s = f.read(64)
if len(s) != 64:
raise IOError("failed to read seed from /dev/urandom")
f.close()
self.qdb.write("/qubes-random-seed", base64.b64encode(hashlib.sha512(s).digest()))
def _format_net_dev(self, ip, mac, backend): def _format_net_dev(self, ip, mac, backend):
template = " <interface type='ethernet'>\n" \ template = " <interface type='ethernet'>\n" \
" <mac address='{mac}'/>\n" \ " <mac address='{mac}'/>\n" \