dropbear/init: Allow extra arguments for key generation

This patch adds DROPBEAR_RSAKEY_ARGS and DROPBEAR_DSSKEY_ARGS optional
parameters to /etc/default/dropbear. The contents are simply passed to
the 'dropbearkey' program when generating a host key.

The default keysize for RSA is currently 2048 bits. It takes a CortexA9
running at 700MHz between 4 and 10 seconds to calculate a keypair. The
board boots Linux in about a second, but you have to wait for several
seconds because of the keypair generation. This patch allows one to put
the line DROPBEAR_RSAKEY_ARGS="-s 1024" into /etc/default/dropbear, and
have a host key generated in about 0.2 seconds on the same CPU. This is
particulary useful for read-only rootfs systems which generate a key on
each boot.

Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
index e8fed3f94d..434bd6b971 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -62,13 +62,13 @@ for t in $DROPBEAR_KEYTYPES; do
         if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
                 rm $DROPBEAR_RSAKEY || true
         fi
-        test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
+        test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
 	;;
     dsa)
         if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
                 rm $DROPBEAR_DSSKEY || true
         fi
-        test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
+        test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
 	;;
   esac
 done