Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 03 Dec 2022 09:06:16 +0000
From:      =?utf-8?Q?Mina_Gali=C4=87?= <me+freebsd@igalic.co>
To:        Max Baroi <max@baroi.com>
Cc:        current@freebsd.org
Subject:   Re: Consequences of disabling vtrnd
Message-ID:  <rxSYM6l95HCnQa5UeO_M0ns1IJl5IGLqBTMuygOFjPuYBhzqFDXVXBhyDlEZW8kA7g0SJx5bdh9-nvLPo8xSGejYDdveifb9cB5uPqM6AfA=@igalic.co>
In-Reply-To: <da44fc3c-0179-451e-aca5-37a41cebad58@baroi.com>
References:  <da44fc3c-0179-451e-aca5-37a41cebad58@baroi.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hi Max,

> If this is not the appropriate place, I apologize.
>=20
> Installing on an instance on vultr.com from booting from the standard ima=
ge hangs. This is pretty well documented, and the equally well documented w=
orkaround is disabling vtrnd.
>=20
> But are there lingering consequences from setting hint.vtrnd.disabled in =
the boot menu? The man page says virtio_random supplies the guest with high=
-quality random bits from the host. With this disabled, is the guest's entr=
opy pool populated from a different high quality source or does the workaro=
und leave the guest with only low entropy sources?

The main consequence is that we go from:

kern.random.random_sources: 'VirtIO Entropy Adapter','Intel Secure Key RNG'
kern.random.harvest.mask_symbolic: PURE_VIRTIO,PURE_RDRAND,[CALLOUT],[UMA],=
[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,C=
ACHED

to:

kern.random.random_sources: 'Intel Secure Key RNG'
kern.random.harvest.mask_symbolic: PURE_RDRAND,[CALLOUT],[UMA],[FS_ATIME],S=
WI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED

That is: The virtual machine already had the capability of emulating Intel =
Secure Key RNG, and we're falling back to that scenario.

> Thanks for any reply,
> Max Baroi

Kind regards,

Mina Gali=C4=87

Try PkgBase: https://alpha.pkgbase.live/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?rxSYM6l95HCnQa5UeO_M0ns1IJl5IGLqBTMuygOFjPuYBhzqFDXVXBhyDlEZW8kA7g0SJx5bdh9-nvLPo8xSGejYDdveifb9cB5uPqM6AfA=>