Message-ID: <1437751520.1334.546.camel@freebsd.org>
Subject: Re: svn commit: r284959 - in head: . share/man/man4 share/man/man9 sys/conf sys/dev/glxsb sys/dev/hifn sys/dev/random sys/dev/rndtest sys/dev/safe sys/dev/syscons sys/dev/ubsec sys/dev/virtio/random sy...
From: Ian Lepore
To: Mark R V Murray
Cc: John-Mark Gurney, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Date: Fri, 24 Jul 2015 09:25:20 -0600
References: <201506301700.t5UH0jPq001498@svn.freebsd.org> <20150724012519.GE78154@funkthat.com>
List-Id: SVN commit messages for the src tree for head/-current

On Fri, 2015-07-24 at 07:59 +0100, Mark R V Murray wrote:
>
> On 24 Jul 2015, at 02:25, John-Mark Gurney wrote:
> >
> > I would like to point out that the goal of collecting large amounts
> > is starting to fall out of favor, and I happen to agree with the likes
> > of djb[1] that we don't need an infinite amount of entropy collected by
> > the system. If the attacker can read out our RNG state, then we are
> > already screwed due to many other vulns.
>
> I’m working on a premise of “tools, not policy”. I’d like there to be
> enough harvesting points for the box owner to get the warm fuzzies.
> If they choose to use less, fine by me.
>
> > Many of the issues that FreeBSD sees with lack of entropy at start up
> > is more of a problem on how systems are installed and provisioned. I
> > don't believe that we currently store any entropy from the install
> > process, yet this is one of the best places to get it, the user is
> > banging on keyboard selecting options, etc. If an image is designed
> > to be cloned (vm images or appliance images) we need to have a
> > mechanism to ensure that before we start, we get the entropy from
> > other sources, be it a hardware RNG or the console.
>
> Getting an initial entropy bundle for first boot is high up on my
> TODO list. :-) Patches welcome! We need the usual /entropy (or
> /var/db/entropy/… or whatever) and crucially we need /boot/entropy
> and the correct invocation in /boot/loader.conf.
>

But keep in mind that loader(8) is optional and not used at all on some
non-x86 systems.

-- Ian