Date: Fri, 19 Apr 2019 17:15:58 +0000 (UTC)
From: Conrad Meyer <cem@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r346399 - head/share/man/man4
Message-ID: <201904191715.x3JHFwhC025094@repo.freebsd.org>
Author: cem Date: Fri Apr 19 17:15:58 2019 New Revision: 346399 URL: https://svnweb.freebsd.org/changeset/base/346399 Log: random.4: Include description of knobs added in r346358 Reported by: ngie Sponsored by: Dell EMC Isilon Modified: head/share/man/man4/random.4 Modified: head/share/man/man4/random.4 ============================================================================== --- head/share/man/man4/random.4 Fri Apr 19 17:06:43 2019 (r346398) +++ head/share/man/man4/random.4 Fri Apr 19 17:15:58 2019 (r346399) @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 15, 2019 +.Dd April 19, 2019 .Dt RANDOM 4 .Os .Sh NAME @@ -85,6 +85,10 @@ kern.random.harvest.mask_bin: 00000010000000111011111 kern.random.harvest.mask: 66015 kern.random.use_chacha20_cipher: 0 kern.random.random_sources: 'Intel Secure Key RNG' +kern.random.initial_seeding.bypass_before_seeding: 1 +kern.random.initial_seeding.read_random_bypassed_before_seeding: 0 +kern.random.initial_seeding.arc4random_bypassed_before_seeding: 0 +kern.random.initial_seeding.disable_bypass_warnings: 0 .Ed .Pp Other than 
@@ -132,6 +136,55 @@ for more on the harvesting of entropy. .Bl -tag -width ".Pa /dev/urandom" .It Pa /dev/random .It Pa /dev/urandom +.El +.Sh DIAGNOSTICS +The following tunables are related to initial seeding of the +.Nm +device: +.Bl -tag -width 4 +.It Va kern.random.initial_seeding.bypass_before_seeding +Defaults to 1 (on). +When set, the system will bypass the +.Nm +device prior to initial seeding. +On is +.Em unsafe , +but provides availability on many systems that lack early sources +of entropy, or cannot load +.Pa /boot/entropy +sufficiently early in boot for +.Nm +consumers. +When unset (0), the system will block +.Xr read_random 9 +and +.Xr arc4random 9 +requests if and until the +.Nm +device is initially seeded. +.It Va kern.random.initial_seeding.disable_bypass_warnings +Defaults to 0 (off). +When set non-zero, disables warnings in dmesg when the +.Nm +device is bypassed. +.El +.Pp +The following read-only +.Xr sysctl 8 +variables allow programmatic diagnostic of whether +.Nm +device bypass occurred during boot. +If they are set (non-zero), the specific functional unit bypassed the strong +.Nm +device output and either produced no output +.Xr ( read_random 9 ) +or seeded itself with minimal, non-cryptographic entropy +.Xr ( arc4random 9 ) . +.Bl -bullet +.It +.Va kern.random.initial_seeding.read_random_bypassed_before_seeding +.It +.Va kern.random.initial_seeding.arc4random_bypassed_before_seeding .El .Sh SEE ALSO .Xr getrandom 2 ,
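Review bot: In the kern.random.initial_seeding.bypass_before_seeding entry of the @@ -132,6 +136,55 @@ hunk, "On is .Em unsafe ," is a sentence fragment that never says what the risk is; the actual consequence (read_random(9) producing no output, arc4random(9) seeding itself with minimal, non-cryptographic entropy) only appears later, under the read-only variables. Suggest rewording along the lines of "Leaving this enabled is unsafe: consumers may bypass the strong random device output before it is seeded" and pointing from this entry at the two *_bypassed_before_seeding variables, so that an administrator reading the default sees both the risk and how to check for it. Smaller points in the same hunk: "if and until" should be "until", "programmatic diagnostic" should be "programmatic diagnosis", and the text calls the first two knobs tunables without saying whether they can be changed at runtime or only at boot. Because disable_bypass_warnings suppresses the dmesg warnings, the entry should also state whether the read-only variables still record a bypass in that case.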