summaryrefslogtreecommitdiff
path: root/meta/recipes-core
diff options
context:
space:
mode:
authorMike Looijmans <mike.looijmans@topic.nl>2016-08-09 14:19:00 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-08-17 10:31:01 +0100
commitc0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7 (patch)
treeb813ebfbb22249ddea43b621f973b32dc068273f /meta/recipes-core
parente88d9e56952414e6214804f9b450c7106d04318d (diff)
downloadopenembedded-core-c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7.tar.gz
openembedded-core-c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7.tar.bz2
openembedded-core-c0efbcb47ab37c2d9c298fcd40ecaadd3ca050a7.zip
dropbear/init: Allow extra arguments for key generation
This patch adds DROPBEAR_RSAKEY_ARGS and DROPBEAR_DSSKEY_ARGS optional parameters to /etc/default/dropbear. The contents are simply passed to the 'dropbearkey' program when generating a host key. The default keysize for RSA is currently 2048 bits. It takes a CortexA9 running at 700MHz between 4 and 10 seconds to calculate a keypair. The board boots Linux in about a second, but you have to wait for several seconds because of the keypair generation. This patch allows one to put the line DROPBEAR_RSAKEY_ARGS="-s 1024" into /etc/default/dropbear, and have a host key generated in about 0.2 seconds on the same CPU. This is particulary useful for read-only rootfs systems which generate a key on each boot. Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Ross Burton <ross.burton@intel.com>
Diffstat (limited to 'meta/recipes-core')
-rwxr-xr-xmeta/recipes-core/dropbear/dropbear/init4
1 files changed, 2 insertions, 2 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
index e8fed3f94d..434bd6b971 100755
--- a/meta/recipes-core/dropbear/dropbear/init
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -62,13 +62,13 @@ for t in $DROPBEAR_KEYTYPES; do
if [ -f "$DROPBEAR_RSAKEY" -a ! -s "$DROPBEAR_RSAKEY" ]; then
rm $DROPBEAR_RSAKEY || true
fi
- test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
+ test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY $DROPBEAR_RSAKEY_ARGS
;;
dsa)
if [ -f "$DROPBEAR_DSSKEY" -a ! -s "$DROPBEAR_DSSKEY" ]; then
rm $DROPBEAR_DSSKEY || true
fi
- test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
+ test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY $DROPBEAR_DSSKEY_ARGS
;;
esac
done