Date: Sun, 02 Nov 2014 13:41:23 +0100 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: Mark R V Murray <mark@grondar.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r273958 - head/sys/dev/random Message-ID: <86mw894vws.fsf@nine.des.no> In-Reply-To: <720EB74E-094A-43F3-8B1C-47BC7F6FECC3@grondar.org> (Mark R. V. Murray's message of "Sun, 2 Nov 2014 09:45:15 %2B0000") References: <201411020201.sA221unt091493@svn.freebsd.org> <720EB74E-094A-43F3-8B1C-47BC7F6FECC3@grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Mark R V Murray <mark@grondar.org> writes: > I=E2=80=99m scared witless of this being on-by-default, for the reason gi= ven > in the removed comment. I=E2=80=99d much prefer to see it only turned on = if a > kernel option is set, and the embedded folks /et al/ can use that. You didn't seem to mind this code when we introduced it in 10-CURRENT. Removing it breaks pretty much everything, not just embedded systems. We can add a sysctl to turn it off, but it has to be on by default. Note that the alternative is to feed more trash into /dev/random at boot, as we did before. It may give us a warm and fuzzy feeling which we don't get from automatically seeding, but the reality is that we have no idea how good that trash is either. In fact, most of what we used to feed into /dev/random at boot (ps, sysctls etc) was constant or nearly so. I prefer to trust that we get enough entropy from attachtimes and I/O in the boot process - and the data I gathered indicates that there is more than enough entropy from attachtimes alone, even on SFF systems and VMs. > Moving the point of the auto-firstseed to where is good, thanks. ...except that I'm not sure it doesn't break root-on-geli etc, but at least it doesn't break it more than not having auto-firstseed at all. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86mw894vws.fsf>