Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 22 Nov 2014 12:05:41 +0000
From:      Mark R V Murray <mark@grondar.org>
To:        Ian Lepore <ian@FreeBSD.org>
Cc:        "freebsd-arch@freebsd.org" <arch@freebsd.org>
Subject:   Re: svn commit: r274739 - head/sys/mips/conf
Message-ID:  <1FF084FC-A8FF-4B5D-B9DA-6B5D50B22BDC@grondar.org>
In-Reply-To: <1416608405.1147.307.camel@revolution.hippie.lan>
References:  <201411200552.sAK5qnXP063073@svn.freebsd.org> <20141120084832.GE24601@funkthat.com> <AE8F2D30-7F91-4C90-B79A-D99857D8AED8@grondar.org> <20141121092245.GI99957@funkthat.com> <1416582989.1147.250.camel@revolution.hippie.lan> <026FEB8A-CA8C-472F-A8E4-DA3D0AC44B34@grondar.org> <1416596266.1147.290.camel@revolution.hippie.lan> <F017033A-B761-4435-A7F8-264D2F4662A0@grondar.org> <1416598889.1147.297.camel@revolution.hippie.lan> <7387FDB9-206F-418F-8B0B-D1FB9723A4D7@grondar.org> <CAJ-VmonofBOXkDbSgyy0su=ARFmgUyX_qyG=71yJQkJ=ruc%2BZA@mail.gmail.com> <1416608405.1147.307.camel@revolution.hippie.lan>
next in thread | previous in thread | raw e-mail | index | archive | help 

> On 21 Nov 2014, at 22:20, Ian Lepore <ian@FreeBSD.org> wrote:
>=20
> My situation is different... I'm talking about devices in which there =
is
> no exposure to such hazards, most often because the device is a small
> part of some larger system and the protections are provided by the =
wider
> environment (if that's even an issue, for example if a network
> connection is even part of the system).

Lets try a couple of things.

1) Please see if changing to Fortuna gets you an unlocked device quickly =
enough:

device          random                  # Entropy device
options         RANDOM_DEBUG
options         RANDOM_FORTUNA          # Use the Fortuna CSPRNG
#options	RANDOM_YARROW		# The default

2) If you are staying with Yarrow, then try setting these sysctls =
suitably early:

kern.random.yarrow.fastthresh: 48
kern.random.yarrow.slowthresh: 64
kern.random.yarrow.slowoverthresh: 1

In either case, please post verbose output from a clean boot.

M
--=20
Mark R V Murray

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1FF084FC-A8FF-4B5D-B9DA-6B5D50B22BDC>