Date: Tue, 13 Apr 2004 17:02:07 -0400 From: Charles Swiger <cswiger@mac.com> Cc: freebsd-current@freebsd.org Subject: Re: dev/random Message-ID: <D30E2B24-8D8D-11D8-B697-003065ABFD92@mac.com> In-Reply-To: <20040413191058.GF20550@Odin.AC.HMC.Edu> References: <200404131550.i3DFocIn099231@grimreaper.grondar.org> <428207C0-8D7B-11D8-B697-003065ABFD92@mac.com> <20040413191058.GF20550@Odin.AC.HMC.Edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 13, 2004, at 3:10 PM, Brooks Davis wrote: > On Tue, Apr 13, 2004 at 02:49:14PM -0400, Charles Swiger wrote: >> Why not set $entropy_dir in rc.conf and kickstart /dev/random using >> much higher quality entropy available when the machine was shutdown >> last? > > You don't get to assume the existance of rc.conf until after > initdiskless runs. And Mark Murray referred me to diskless workstations as well. OK. From what I remember, one used BOOTP and TFTPD to provide a standalone executable (for an X11 terminal, say) or a kernel, and the latter would then perform an NFS mount to obtain a root filesystem and an init program to run, which would then call the RC mechanism to mount more filesystems and do whatever else is needed to boot the system. [ By the way, I did not find documentation in rc.8 which mentions initdiskless as a special case, but perhaps it might be worth referring to diskless.8 from the former manpage. ] Anyway, if /etc/rc.d/initdiskless is available, you've got a root filesystem to read from, so can't one nudge the diskless client's /dev/random using entropy from a file stored on it? Or perhaps the /usr/share/examples/diskless/clone_root script could call mknod to create a clone of the server's /dev/random device under the diskless root directory, to provide different "real" entropy for each diskless client? Both of these suggestions are made under the assumption that one can't simply make /dev/random readable without being nudged, and one cannot utilize rcNG dependencies to start /etc/rc.d/random properly (ie, before something want to use /dev/random) for the reason that Brooks mentioned above. :-) -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?D30E2B24-8D8D-11D8-B697-003065ABFD92>