Date: Fri, 21 Sep 2012 09:09:56 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: David O'Brien <obrien@FreeBSD.org>
Cc: freebsd-security@FreeBSD.org
Subject: Re: Collecting entropy from device_attach() times.
Message-ID: <20120921070956.GA1382@garage.freebsd.pl>
In-Reply-To: <20120921060815.GA42778@dragon.NUXI.org>
References: <20120918211422.GA1400@garage.freebsd.pl>
 <20120919223459.GC25606@dragon.NUXI.org>
 <20120921053549.GF1407@garage.freebsd.pl>
 <20120921060815.GA42778@dragon.NUXI.org>

On Thu, Sep 20, 2012 at 11:08:15PM -0700, David O'Brien wrote:
> On Fri, Sep 21, 2012 at 07:35:49AM +0200, Pawel Jakub Dawidek wrote:
> > Note that adding sysctl to turn off entropy harvesting from
> > device_attach() is pretty useless, as sysctls can be changed once we
> > start userland and then all device_attach() are already called (modulo
> > drivers loaded later).
>
> That is what I had in mind -- .ko drivers loaded post 'initrandom'.
>
> The same could be said for kern.random.sys.harvest.interrupt.
> By the time kern.random.sys.harvest.interrupt can be turned off,
> my test system has already processed 784 'origin interrupt' queue
> entries and went from kern.random.sys.seeded=0->1.

Yes, this is exactly why I'd like to see corresponding tunable for all
those sysctls.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl