Date: Fri, 21 Sep 2012 13:22:22 -0700
From: Doug Barton <dougb@FreeBSD.org>
To: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc: freebsd-security@FreeBSD.org, David O'Brien <obrien@FreeBSD.org>
Subject: Re: Collecting entropy from device_attach() times.
Message-ID: <505CCC7E.5080205@FreeBSD.org>
In-Reply-To: <20120921070956.GA1382@garage.freebsd.pl>
References: <20120918211422.GA1400@garage.freebsd.pl> <20120919223459.GC25606@dragon.NUXI.org> <20120921053549.GF1407@garage.freebsd.pl> <20120921060815.GA42778@dragon.NUXI.org> <20120921070956.GA1382@garage.freebsd.pl>
On 09/21/2012 12:09 AM, Pawel Jakub Dawidek wrote:
> On Thu, Sep 20, 2012 at 11:08:15PM -0700, David O'Brien wrote:
>> On Fri, Sep 21, 2012 at 07:35:49AM +0200, Pawel Jakub Dawidek wrote:
>>> Note that adding sysctl to turn off entropy harvesting from
>>> device_attach() is pretty useless, as sysctls can be changed once we
>>> start userland and then all device_attach() are already called (modulo
>>> drivers loaded later).

Devices can be added at any time in the life of the system via USB, and
other interfaces.

>> That is what I had in mind -- .ko drivers loaded post 'initrandom'.
>>
>> The same could be said for kern.random.sys.harvest.interrupt.
>> By the time kern.random.sys.harvest.interrupt can be turned off,
>> my test system has already processed 784 'origin interrupt' queue
>> entries and went from kern.random.sys.seeded=0->1.
>
> Yes, this is exactly why I'd like to see corresponding tunable for all
> those sysctls.

Agreed.
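The practical consequence of the thread is that a harvest knob written to /etc/sysctl.conf is applied only after userland starts, which is after device_attach() has run and after the interrupt harvester has already fed the pool; only a loader tunable in /boot/loader.conf is early enough. The POSIX shell script below is an added example, not part of this thread or of FreeBSD: it audits both files for kern.random.sys.harvest.* settings and flags any that exist only in sysctl.conf. It assumes that the loader tunables carry the same names as the sysctls (the thread asks for such tunables without naming them), and the knobs listed besides harvest.interrupt are the other entries of FreeBSD 9's kern.random.sys.harvest tree.

```shell
#!/bin/sh
# Added example (not from the thread or FreeBSD): find harvest knobs that are
# set too late. A value in sysctl.conf takes effect only once userland runs,
# after device_attach() and early interrupt harvesting; loader.conf is applied
# by the boot loader before the kernel starts, so that is where such a knob
# must live.
#
# ASSUMPTION: loader tunables use the same names as the sysctls. The thread
# proposes them but does not show their final names.
HARVEST_KNOBS="kern.random.sys.harvest.interrupt
kern.random.sys.harvest.ethernet
kern.random.sys.harvest.point_to_point
kern.random.sys.harvest.swi"

# conf_value FILE NAME: print the last assigned value of NAME in a
# loader.conf/sysctl.conf style file (comments stripped, quotes removed,
# whitespace around '=' ignored). Prints nothing if NAME is not set.
# Note: a '#' inside a quoted value is treated as a comment start.
conf_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        /^[ \t]*$/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}

# audit_harvest_knobs LOADER_CONF SYSCTL_CONF: report each knob as OK (set in
# loader.conf), LATE (set only in sysctl.conf) or DEFAULT (unset). Returns 1
# if any knob is LATE, so the function can gate a config check.
audit_harvest_knobs() {
    loader_conf=$1; sysctl_conf=$2; late=0
    for knob in $HARVEST_KNOBS; do
        lv=$(conf_value "$loader_conf" "$knob")
        sv=$(conf_value "$sysctl_conf" "$knob")
        if [ -n "$lv" ]; then
            echo "OK:   $knob=$lv applied at boot via $loader_conf"
        elif [ -n "$sv" ]; then
            echo "LATE: $knob=$sv set only in $sysctl_conf; move to $loader_conf as $knob=\"$sv\""
            late=1
        else
            echo "DEFAULT: $knob not set anywhere (kernel default applies)"
        fi
    done
    return $late
}

# Stand-alone use: sh audit_harvest.sh /boot/loader.conf /etc/sysctl.conf
if [ $# -eq 2 ]; then
    audit_harvest_knobs "$1" "$2"
fi
```

On a live FreeBSD host the DEFAULT lines can be compared against `sysctl kern.random.sys.harvest` to see what the kernel is actually doing; the script itself only reads the two files, so it runs anywhere.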
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?505CCC7E.5080205>