Date: Thu, 8 Aug 2013 08:48:28 -0700
From: Steve Kargl
To: John Baldwin
Cc: Arthur Mesh, secteam@freebsd.org, freebsd-arch@freebsd.org
Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion
List-Id: Discussion related to FreeBSD architecture

On Thu, Aug 08, 2013 at 10:23:52AM -0400, John Baldwin wrote:
> On Wednesday, August 07, 2013 4:20:29 pm Peter Wemm wrote:
> > On Wed, Aug 7, 2013 at 12:27 PM, Steve Kargl wrote:
> > > On Wed, Aug 07, 2013 at 11:28:58AM -0700, David O'Brien wrote:
> > >>
> > >> * Make Yarrow an optional kernel component -- enabled by "YARROW_RNG"
> > >> option. The files sha2.c, hash.c, randomdev_soft.c and yarrow.c
> > >> comprise yarrow. random(4) device doesn't really depend on
> > >> rijndael-*. Yarrow, however, does.
> > >>
> > >> * If the kernel doesn't have any random_adaptor adapters present then
> > >> the creation of /dev/random is postponed until next random_adaptor
> > >> is kldload'ed.
> > >
> > > My kernel config files have included the following 2 lines for
> > > ages:
> > >
> > > makeoptions NO_MODULES
> > > device random
> > >
> > > If I try to build a new kernel under your scheme, will the
> > > build die with an error about a missing option? If the answer
> > > is 'no', then the yarrow adaptor should be opt-out.
> >
> > That's the main point here.
> >
> > If I'm running on a working system, I have a reasonable expectation
> > that the kernel config I was using yesterday will work sufficiently
> > tomorrow that I won't get hosed by doing a 'svn update && make
> > buildkernel && make installkernel'.
> >
> > If that's not the case and there is a required change in order to not
> > hose your system then POLA dictates that not making the required
> > changes causes a build failure.
> >
> > There's more leeway on head than a stable branch, but remember that
> > when people upgrade from 9.x to 10.x they tend to take their 9.x
> > kernel configs and make whatever changes are needed to get it to
> > build. The 9-stable -> 10-release config path needs to catch fatal
> > errors like this at build time.
> >
> > Patching GENERIC isn't a complete solution. It doesn't solve the
> > 'yesterday it worked, today it's a brick' problem.
>
> The counter to this is that in the recent past, any suggestion to add anything
> to DEFAULTS was met with "that's the wrong way". In actual fact, changes
> to GENERIC happen quite often, and we often break older kernel configs from
> older branches (ATA_CAM is no longer in 10 for example). I'm not sure I buy
> the argument that we can never break kernel configs from older branches.

When ATA_CAM went away, if one had not updated his kernel config
file, then 'make buildkernel' failed. With David's change, one
would build a seemingly fine kernel, and when it boots "Bad Things" (tm)
can/may/will occur.

Also note, yarrow is already the default (P)RNG. David is decoupling
it from /dev/random. By adding it to DEFAULTS, one is only making
the current relationship between /dev/random and yarrow explicit.

-- 
Steve