Date: Tue, 03 Sep 2019 14:07:17 -0000
From: Conrad Meyer <cem@freebsd.org>
To: Warner Losh <imp@bsdimp.com>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head <svn-src-head@freebsd.org>
Subject: Re: svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys
Message-ID: <CAG6CVpWtykqYCaX5CrHKWH-Aj3Hm8YaDVJqyhVjwZEx4POAO2Q@mail.gmail.com>
In-Reply-To: <CANCZdfrUYbE89nHkKWkNiktmSGyE=jAX_jQk5ZxY-%2B6GZZNoJg@mail.gmail.com>
References: <201904162251.x3GMp2aF097103@gndrsh.dnsmgr.net> <4d6b8a14-b053-9ed1-14b2-bbc359ac9413@FreeBSD.org> <CAG6CVpUskcW9KBPOhevYNQ9fTDd91Rvh2N50Y1xHubSp7JFE4Q@mail.gmail.com> <48b25255-3d66-69fc-658b-6176ebaf4640@FreeBSD.org> <CANCZdfrUYbE89nHkKWkNiktmSGyE=jAX_jQk5ZxY-%2B6GZZNoJg@mail.gmail.com>

Hi Warner,

On Wed, Apr 17, 2019 at 10:16 AM Warner Losh <imp@bsdimp.com> wrote:
> I'm going to put a very fine point on this: any hard-requirement of entropy sources is a non-starter. If you require that, your commit will be backed out and/or hacked around by the addition of a knob in the future. It will happen. Don't pretend you can say 'but things weren't random enough' will carry the day. It will not.
>
> That's why I specifically requested a MD routine to be called when there's no source of entropy: that will let special needs folks do the right thing. It's also why I asked for a way to say "don't ever block waiting for entropy, soldier on the best you can, but set some variable that can be exposed to userland so that early in /etc/rc automation can be written to decide what to do when that condition exists: generate entropy and reboot, report it to some central control, nothing" since that will give the tools for different reactions.
>
> For our application it is *NEVER* OK to block the boot because there's not enough randomness. We'd rather soldier on with crappy randomness and want the boot to proceed no matter what. We want the information that we had to make compromises along the way to make it happen so we can decide the right course of action for our appliances.

I think John's proposed big knob to disable hard-requirement of entropy, and a warning on dmesg, pretty much covers your applications' needs. Do you agree?

The random framework has already got ways to register random sources; special needs MD folks can always register their own fako fast random source. I.e., the randomdev entropy intake framework is already general with room for MD-specific drivers (of which several exist today).

Take care,
Conrad