From owner-svn-src-head@freebsd.org Fri Apr 19 17:15:59 2019
Message-Id: <201904191715.x3JHFwhC025094@repo.freebsd.org>
From: Conrad Meyer
Date: Fri, 19 Apr 2019 17:15:58 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r346399 - head/share/man/man4
X-SVN-Group: head
X-SVN-Commit-Author: cem
X-SVN-Commit-Paths: head/share/man/man4
X-SVN-Commit-Revision: 346399
X-SVN-Commit-Repository: base

Author: cem
Date: Fri Apr 19 17:15:58 2019
New Revision: 346399

URL: https://svnweb.freebsd.org/changeset/base/346399

Log:
  random.4: Include description of knobs added in r346358

  Reported by:	ngie
  Sponsored by:	Dell EMC Isilon

Modified:
  head/share/man/man4/random.4

Modified: head/share/man/man4/random.4
==============================================================================
--- head/share/man/man4/random.4 Fri Apr 19 17:06:43 2019 (r346398)
+++ head/share/man/man4/random.4 Fri Apr 19 17:15:58 2019 (r346399)
@@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 15, 2019 +.Dd April 19, 2019 .Dt RANDOM 4 .Os .Sh NAME 
@@ -85,6 +85,10 @@ kern.random.harvest.mask_bin: 00000010000000111011111 kern.random.harvest.mask: 66015 kern.random.use_chacha20_cipher: 0 kern.random.random_sources: 'Intel Secure Key RNG' +kern.random.initial_seeding.bypass_before_seeding: 1 +kern.random.initial_seeding.read_random_bypassed_before_seeding: 0 +kern.random.initial_seeding.arc4random_bypassed_before_seeding: 0 +kern.random.initial_seeding.disable_bypass_warnings: 0 .Ed .Pp Other than @@ -132,6 +136,55 @@ for more on the harvesting of entropy. .Bl -tag -width ".Pa /dev/urandom" .It Pa /dev/random .It Pa /dev/urandom +.El +.Sh DIAGNOSTICS +The following tunables are related to initial seeding of the +.Nm +device: +.Bl -tag -width 4 +.It Va kern.random.initial_seeding.bypass_before_seeding +Defaults to 1 (on). +When set, the system will bypass the +.Nm +device prior to initial seeding. +On is +.Em unsafe , +but provides availability on many systems that lack early sources +of entropy, or cannot load +.Pa /boot/entropy +sufficiently early in boot for +.Nm +consumers. +When unset (0), the system will block +.Xr read_random 9 +and +.Xr arc4random 9 +requests if and until the +.Nm +device is initially seeded. +.It Va kern.random.initial_seeding.disable_bypass_warnings +Defaults to 0 (off). +When set non-zero, disables warnings in dmesg when the +.Nm +device is bypassed. +.El +.Pp +The following read-only +.Xr sysctl 8 +variables allow programmatic diagnostic of whether +.Nm +device bypass occurred during boot. +If they are set (non-zero), the specific functional unit bypassed the strong +.Nm +device output and either produced no output +.Xr ( read_random 9 ) +or seeded itself with minimal, non-cryptographic entropy +.Xr ( arc4random 9 ) . +.Bl -bullet +.It +.Va kern.random.initial_seeding.read_random_bypassed_before_seeding +.It +.Va kern.random.initial_seeding.arc4random_bypassed_before_seeding .El .Sh SEE ALSO .Xr getrandom 2 ,
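Review bot: in the example sysctl listing added at @@ -85,6 +85,10 @@ the two read-only diagnostic variables (`read_random_bypassed_before_seeding`, `arc4random_bypassed_before_seeding`) are printed between the two tunables (`bypass_before_seeding`, `disable_bypass_warnings`); listing the two tunables first and the two read-only variables after them would mirror the grouping the new DIAGNOSTICS section uses, and since the listing shows `kern.random.initial_seeding.bypass_before_seeding: 1`, a short remark that this is the shipped default (and that the read-only pair report whether a bypass actually happened) would spare the reader from having to jump to DIAGNOSTICS to interpret the sample.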
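Review bot: the DIAGNOSTICS section added at @@ -132,6 +136,55 @@ calls `bypass_before_seeding` and `disable_bypass_warnings` "tunables" and says the bypass decision is taken "prior to initial seeding", "sufficiently early in boot", but never says where to set them; because the choice is made before any userland runs, the entries should state that the values have to be in place as loader tunables (loader.conf(5)) rather than set with sysctl(8) after boot, and `.Xr loader.conf 5` belongs in SEE ALSO. The `bypass_before_seeding` entry describes the "on" setting only as "unsafe"; the concrete consequence is spelled out later, in the paragraph on the read-only variables (read_random(9) produces no output, arc4random(9) seeds itself with minimal, non-cryptographic entropy), and that sentence should be repeated or cross-referenced in the tunable's own entry so the trade-off is visible where the knob is documented. Two wording nits in the same hunk: "requests if and until the" reads better as "requests until the", and "allow programmatic diagnostic of whether" should be "allow programmatic diagnosis of whether".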