Date: Sun, 2 Nov 2014 13:18:27 +0000 From: Mark R V Murray <mark@grondar.org> To: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r273958 - head/sys/dev/random Message-ID: <2B5FAE76-C3F7-4299-8B1F-AC9C660C7505@grondar.org> In-Reply-To: <86mw894vws.fsf@nine.des.no> References: <201411020201.sA221unt091493@svn.freebsd.org> <720EB74E-094A-43F3-8B1C-47BC7F6FECC3@grondar.org> <86mw894vws.fsf@nine.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 2 Nov 2014, at 12:41, Dag-Erling Sm=C3=B8rgrav <des@des.no> wrote: >=20 > Mark R V Murray <mark@grondar.org> writes: >> I=E2=80=99m scared witless of this being on-by-default, for the = reason given >> in the removed comment. I=E2=80=99d much prefer to see it only turned = on if a >> kernel option is set, and the embedded folks /et al/ can use that. >=20 > You didn't seem to mind this code when we introduced it in 10-CURRENT. > Removing it breaks pretty much everything, not just embedded systems. > We can add a sysctl to turn it off, but it has to be on by default. I=E2=80=99ve had a closer look at things, and I=E2=80=99m coming round = to your side. Note that this has NO effect on Fortuna. Fortuna=E2=80=99s self-starting = appears to be more reliable. > Note that the alternative is to feed more trash into /dev/random at > boot, as we did before. It may give us a warm and fuzzy feeling which > we don't get from automatically seeding, but the reality is that we = have > no idea how good that trash is either. In fact, most of what we used = to > feed into /dev/random at boot (ps, sysctls etc) was constant or nearly > so. I prefer to trust that we get enough entropy from attachtimes and > I/O in the boot process - and the data I gathered indicates that there > is more than enough entropy from attachtimes alone, even on SFF = systems > and VMs. OK, Fair enough. :-) >> Moving the point of the auto-firstseed to where is good, thanks. >=20 > ...except that I'm not sure it doesn't break root-on-geli etc, but at > least it doesn't break it more than not having auto-firstseed at all. M --=20 Mark R V Murray
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2B5FAE76-C3F7-4299-8B1F-AC9C660C7505>