From owner-freebsd-arch@FreeBSD.ORG Thu Aug 8 21:59:00 2013 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 5C7E83C4; Thu, 8 Aug 2013 21:59:00 +0000 (UTC) (envelope-from sjg@juniper.net) Received: from db8outboundpool.messaging.microsoft.com (mail-db8lp0185.outbound.messaging.microsoft.com [213.199.154.185]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id DDCA02641; Thu, 8 Aug 2013 21:58:59 +0000 (UTC) Received: from mail18-db8-R.bigfish.com (10.174.8.237) by DB8EHSOBE003.bigfish.com (10.174.4.66) with Microsoft SMTP Server id 14.1.225.22; Thu, 8 Aug 2013 21:58:57 +0000 Received: from mail18-db8 (localhost [127.0.0.1]) by mail18-db8-R.bigfish.com (Postfix) with ESMTP id 42341AE010E; Thu, 8 Aug 2013 21:58:57 +0000 (UTC) X-Forefront-Antispam-Report: CIP:66.129.224.54; KIP:(null); UIP:(null); IPV:NLI; H:P-EMF01-SAC.jnpr.net; RD:none; EFVD:NLI X-SpamScore: 2 X-BigFish: VPS2(zz1432Izz1f42h208ch1ee6h1de0h1fdah2073h1202h1e76h1d1ah1d2ah1fc6h1082kzzz2fh2a8h668h839hf0ah1288h12a5h12a9h12bdh12e5h137ah139eh13b6h1441h14ddh1504h1537h162dh1631h1758h1898h18e1h1946h19b5h1ad9h1b0ah1b2fh1b88h1fb3h1d0ch1d2eh1d3fh1de2h1dfeh1dffh1e23h1fe8h1155h) Received-SPF: pass (mail18-db8: domain of juniper.net designates 66.129.224.54 as permitted sender) client-ip=66.129.224.54; envelope-from=sjg@juniper.net; helo=P-EMF01-SAC.jnpr.net ; SAC.jnpr.net ; Received: from mail18-db8 (localhost.localdomain [127.0.0.1]) by mail18-db8 (MessageSwitch) id 1375999135471142_24322; Thu, 8 Aug 2013 21:58:55 +0000 (UTC) Received: from DB8EHSMHS023.bigfish.com (unknown [10.174.8.236]) by mail18-db8.bigfish.com (Postfix) with ESMTP id 6E27E600048; Thu, 8 Aug 2013 21:58:55 +0000 (UTC) Received: from P-EMF01-SAC.jnpr.net (66.129.224.54) by DB8EHSMHS023.bigfish.com (10.174.4.33) with Microsoft SMTP Server (TLS) id 14.16.227.3; Thu, 8 Aug 2013 21:58:54 +0000 Received: from magenta.juniper.net (172.17.27.123) by P-EMF01-SAC.jnpr.net (172.24.192.21) with Microsoft SMTP Server (TLS) id 14.3.146.0; Thu, 8 Aug 2013 14:58:53 -0700 Received: from chaos.jnpr.net (chaos.jnpr.net [172.24.29.229]) by magenta.juniper.net (8.11.3/8.11.3) with ESMTP id r78LwrL05523; Thu, 8 Aug 2013 14:58:53 -0700 (PDT) (envelope-from sjg@juniper.net) Received: from chaos.jnpr.net (localhost [127.0.0.1]) by chaos.jnpr.net (Postfix) with ESMTP id 2288458097; Thu, 8 Aug 2013 14:58:53 -0700 (PDT) To: Mark R V Murray Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion In-Reply-To: <94E41175-EF09-47D1-9661-9AF04E8FA9A0@grondar.org> References: <20130807182858.GA79286@dragon.NUXI.org> <20130807192736.GA7099@troutmask.apl.washington.edu> <5203968D.7060508@freebsd.org> <7018AAA9-0A88-430F-96B7-867E5F529B36@bsdimp.com> <50BE6942-CC39-413C-8E14-C6B93440901B@grondar.org> <20130808211657.GC95000@dragon.NUXI.org> <94E41175-EF09-47D1-9661-9AF04E8FA9A0@grondar.org> Comments: In-reply-to: Mark R V Murray message dated "Thu, 08 Aug 2013 22:19:46 +0100." From: "Simon J. Gerraty" X-Mailer: MH-E 7.82+cvs; nmh 1.3; GNU Emacs 22.3.1 Date: Thu, 8 Aug 2013 14:58:53 -0700 Message-ID: <20130808215853.2288458097@chaos.jnpr.net> MIME-Version: 1.0 Content-Type: text/plain X-OriginatorOrg: juniper.net X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn% Cc: Arthur Mesh , secteam@freebsd.org, Steve Kargl , freebsd-arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 08 Aug 2013 21:59:00 -0000 >> Our approach is mechanism over policy. That is, give the user the >> choice of if their HW should be used directly or fed into the SW PRNG. > >I don't see a problem with that either, as long as there are no nasty >surprises like the possibility of getting no RNG at all, and not being >in a position to notice. If there are bread crumbs to show whether an RNG is present or not in the output from config, it should be feasible to fail the build which as others have noted would be a "good thing"[TM] vs producing a toxic kernel.