From: Warner Losh
Date: Fri, 9 Aug 2013 00:47:21 -0600
Subject: Re: random(4) plugin infrastructure for mulitple RNG in a modular fashion
To: obrien@freebsd.org
Cc: Arthur Mesh, Steve Kargl, "Simon J. Gerraty", secteam@freebsd.org, Mark R V Murray, freebsd-arch@freebsd.org
In-Reply-To: <20130809013346.GG95000@dragon.NUXI.org>
List-Id: Discussion related to FreeBSD architecture

On Aug 8, 2013, at 7:33 PM, David O'Brien wrote:

> On Thu, Aug 08, 2013 at 02:58:53PM -0700, Simon Gerraty wrote:
>> If there are bread crumbs to show whether an RNG is present or not in
>> the output from config, it should be feasible to fail the build
>> which as others have noted would be a "good thing"[TM] vs producing a
>> toxic kernel.
>
> I may have misunderstood what you're saying. But if not, you're
> not allowing for one using .ko's to have this functionality.
>
> How do I fail the build if I want to have 'device random' but use
> some externally provided RNG thru a kernel module? The original
> changeset supported that. Or for whatever reason I want to have
> the choice of RNG left up to which base kernel module I load?

I still don't understand why Yarrow can't be the default, fallback mechanism that gets overridden when a new module is loaded. Rather than arguing this point, perhaps you could work to make that possible? That would allow you to implement things with hardware RNG, while still providing a sane fallback until such time that those can be loaded...

> 'sysctl kern.random.adaptors' showing an empty list does provide
> a bread crumb. /etc/rc.d/initrandom could certainly check this
> value and complain loudly.

The poison has been drunk at this time, it is too late to back out gracefully.

Warner