diff options
author | Mike Looijmans <mike.looijmans@topic.nl> | 2016-08-09 14:19:00 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-08-17 10:31:01 +0100 |
commit | c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7 (patch) | |
tree | b813ebfbb22249ddea43b621f973b32dc068273f /meta/recipes-core | |
parent | e88d9e56952414e6214804f9b450c7106d04318d (diff) | |
download | openembedded-core-c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7.tar.gz openembedded-core-c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7.tar.bz2 openembedded-core-c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7.zip |
dropbear/init: Allow extra arguments for key generation
This patch adds DROPBEAR_RSAKEY_ARGS and DROPBEAR_DSSKEY_ARGS optional
parameters to /etc/default/dropbear. The contents are simply passed to
the 'dropbearkey' program when generating a host key.
The default keysize for RSA is currently 2048 bits. It takes a CortexA9
running at 700MHz between 4 and 10 seconds to calculate a keypair. The
board boots Linux in about a second, but you have to wait for several
seconds because of the keypair generation. This patch allows one to put
the line DROPBEAR_RSAKEY_ARGS="-s 1024" into /etc/default/dropbear, and
have a host key generated in about 0.2 seconds on the same CPU. This is
particulary useful for read-only rootfs systems which generate a key on
each boot.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-core')
-rwxr-xr-x | meta/recipes-core/dropbear/dropbear/init | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init index e8fed3f94d..434bd6b971 100755 --- a/meta/recipes-core/dropbear/dropbear/init +++ b/meta/recipes-core/dropbear/dropbear/init @@ -62,13 +62,13 @@ for t in $DROPBEAR_KEYTYPES; do if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then rm $DROPBEAR_RSAKEY || true fi - test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY + test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS ;; dsa) if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then rm $DROPBEAR_DSSKEY || true fi - test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY + test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS ;; esac done |