From owner-freebsd-current@FreeBSD.ORG Tue Apr 13 14:02:17 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4131616A4CE for ; Tue, 13 Apr 2004 14:02:17 -0700 (PDT) Received: from smtpout.mac.com (smtpout.mac.com [17.250.248.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0689143D2F for ; Tue, 13 Apr 2004 14:02:17 -0700 (PDT) (envelope-from cswiger@mac.com) Received: from mac.com (smtpin08-en2 [10.13.10.153]) by smtpout.mac.com (Xserve/MantshX 2.0) with ESMTP id i3DL2G1N001737 for ; Tue, 13 Apr 2004 14:02:16 -0700 (PDT) Received: from [10.1.1.193] (nfw2.codefab.com [199.103.21.225] (may be forged)) (authenticated bits=0) by mac.com (Xserve/smtpin08/MantshX 3.0) with ESMTP id i3DL2FBP025068 for ; Tue, 13 Apr 2004 14:02:16 -0700 (PDT) Mime-Version: 1.0 (Apple Message framework v613) In-Reply-To: <20040413191058.GF20550@Odin.AC.HMC.Edu> References: <200404131550.i3DFocIn099231@grimreaper.grondar.org> <428207C0-8D7B-11D8-B697-003065ABFD92@mac.com> <20040413191058.GF20550@Odin.AC.HMC.Edu> Content-Type: text/plain; charset=US-ASCII; format=flowed Message-Id: Content-Transfer-Encoding: 7bit Cc: freebsd-current@freebsd.org From: Charles Swiger Date: Tue, 13 Apr 2004 17:02:07 -0400 X-Mailer: Apple Mail (2.613) Subject: Re: dev/random X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Apr 2004 21:02:17 -0000 On Apr 13, 2004, at 3:10 PM, Brooks Davis wrote: > On Tue, Apr 13, 2004 at 02:49:14PM -0400, Charles Swiger wrote: >> Why not set $entropy_dir in rc.conf and kickstart /dev/random using >> much higher quality entropy available when the machine was shutdown >> last? > > You don't get to assume the existance of rc.conf until after > initdiskless runs. And Mark Murray referred me to diskless workstations as well. OK. From what I remember, one used BOOTP and TFTPD to provide a standalone executable (for an X11 terminal, say) or a kernel, and the latter would then perform an NFS mount to obtain a root filesystem and an init program to run, which would then call the RC mechanism to mount more filesystems and do whatever else is needed to boot the system. [ By the way, I did not find documentation in rc.8 which mentions initdiskless as a special case, but perhaps it might be worth referring to diskless.8 from the former manpage. ] Anyway, if /etc/rc.d/initdiskless is available, you've got a root filesystem to read from, so can't one nudge the diskless client's /dev/random using entropy from a file stored on it? Or perhaps the /usr/share/examples/diskless/clone_root script could call mknod to create a clone of the server's /dev/random device under the diskless root directory, to provide different "real" entropy for each diskless client? Both of these suggestions are made under the assumption that one can't simply make /dev/random readable without being nudged, and one cannot utilize rcNG dependencies to start /etc/rc.d/random properly (ie, before something want to use /dev/random) for the reason that Brooks mentioned above. :-) -- -Chuck