Date: Thu, 8 Aug 2013 14:58:34 -0700
From: Steve Kargl
To: obrien@freebsd.org, secteam@freebsd.org, freebsd-arch@freebsd.org, Arthur Mesh
Subject: Re: random(4) plugin infrastructure for multiple RNG in a modular fashion

On Thu, Aug 08, 2013 at 02:34:49PM -0700, David O'Brien wrote:
> On Wed, Aug 07, 2013 at 12:27:36PM -0700, Steve Kargl wrote:
> > On Wed, Aug 07, 2013 at 11:28:58AM -0700, David O'Brien wrote:
> > > * Make Yarrow an optional kernel component -- enabled by "YARROW_RNG"
> > >   option. The files sha2.c, hash.c, randomdev_soft.c and yarrow.c
> ..
> > My kernel config files have included the following 2 lines for
> > ages:
> >    makeoptions NO_MODULES
> >    device random
> >
> > If I try to build a new kernel under your scheme, will the
> > build die with an error about a missing option?
>
> You haven't given enough information to answer the question. Your kernel
> config does not have just those two lines. Is there an "include GENERIC"
> or something else above it? What is your full kernel config?

No 'include GENERIC'. See config file after sig.

>
> > If the answer
> > is 'no', then the yarrow adaptor should be opt-out.
>
> There is no build issue (i.e., missing symbols). "device random" in the
> changeset is just the device (/dev/[u]random) implementation. The many
> RNGs that provide the output.

The issue is quite simple. If I do not use modules and only
include 'device random' in my config file, will this result
in a crippled/broken/non-functioning /dev/random?

> Do you really not read UPDATING and the release notes when you upgrade
> to a .0 release? How did you learn about other config lines I'm sure
> you've changed over the years.

I never see a .0 release as I only run -current. I scan UPDATING
when I see a change has been made to it via svn-src-all. I missed
your change to UPDATING because a broken procmail rule filtered that
particular commit. I note that I don't update my systems every 24
hours. There is sometimes a 2 or 3 month lag between a full upgrade,
so I may forget that someone potentially changed a kernel option or
broke a kernel facility. In this case, invariably 'make buildkernel'
kernel dies a horrible death.

-- 
Steve

cpu		HAMMER
ident		HPC

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
makeoptions	NO_MODULES
maxusers	0

options 	SCHED_4BSD		# 4BSD scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
options 	INET6			# IPv6 communications protocols
options 	SCTP			# Stream Transmission Control Protocol
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_DIRHASH		# Improve performance on big directories
options 	NFSCL			# New Network Filesystem Client
options 	NFSD			# New Network Filesystem Server
options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options 	FDESCFS
options 	PSEUDOFS		# Pseudo-filesystem framework
options 	COMPAT_LINUX32
options 	LINPROCFS
options 	COMPAT_43TTY		# BSD 4.3 TTY compat [KEEP THIS!]
options 	COMPAT_FREEBSD32	# Compatible with i386 binaries
options 	COMPAT_FREEBSD7		# Compatible with i386 binaries
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options 	P1003_1B_SEMAPHORES
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev

# Debugging for use in -current
options 	KDB			# Enable kernel debugger support.
options 	DDB			# Support DDB.
options 	GDB			# Support remote GDB.
#options 	INVARIANTS		# Enable calls of extra sanity checking
#options 	INVARIANT_SUPPORT	# Extra sanity checks of internal structures, required by INVARIANTS
#options 	WITNESS			# Enable checks to detect deadlocks and cycles
#options 	WITNESS_SKIPSPIN	# Don't run witness on spinlocks for speed

# Default partitioning schemes
options 	GEOM_PART_GPT		# GUID Partition Tables.
options 	GEOM_LABEL		# Provides labelization

# Make an SMP-capable kernel by default
options 	SMP			# Symmetric MultiProcessor Kernel

# Bus support.
device		acpi
device		pci

# Floppy drives
options 	FDC_DEBUG
device		fdc

# New CAM ATA and ATAPI devices
device		ata
device		ahci
device		mvs
device		siis

# SCSI Controllers
device		ahc		# AHA2940 and onboard AIC7xxx devices
options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug

# SCSI peripherals
device		scbus		# SCSI bus (required for SCSI)
device		ch		# SCSI media changers
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)
device		ses		# SCSI Environmental Services (and SAF-TE)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc		# AT keyboard controller
device		atkbd		# AT keyboard
#device		psm		# PS/2 mouse
device		kbdmux		# keyboard multiplexer
device		vga		# VGA video card driver
device		splash		# Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device		sc
device		agp		# support several AGP chipsets
device		drm		# DRM core module required by DRM drivers
device		mach64drm	# ATI Rage Pro, Rage Mobility P/M, Rage XL

# Serial (COM) ports
device		uart		# 8250, 16[45]50 based serial ports

# Parallel port
device		ppc
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
device		ppi		# Parallel port interface device

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
device		bge		# Broadcom BCM570xx Gigabit Ethernet
device		fxp

# Pseudo devices.
device		loop		# Network loopback
device		random		# Entropy device
device		ether		# Ethernet support
device		tun		# Packet tunnel.
device		pty		# Pseudo-ttys (telnet etc)
device		md		# Memory "disks"
device		gif		# IPv6 and IPv4 tunneling
device		faith		# IPv6-to-IPv4 relaying (translation)
device		firmware	# firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device		bpf		# Berkeley packet filter

# USB support
device		uhci		# UHCI PCI->USB interface
device		ohci		# OHCI PCI->USB interface
device		ehci		# EHCI PCI->USB interface (USB 2.0)
device		usb		# USB Bus (required)
device		uhid		# "Human Interface Devices"
device		ukbd		# Keyboard
device		umass		# Disks/Mass storage - Requires scbus and da
device		ums		# Mouse

options 	MAXDSIZ=(8UL*1024UL*1024*1024)
options 	MAXSSIZ=(1024UL*1024*1024)
options 	DFLDSIZ=(1024UL*1024*1024)

# This allows you to actually store this configuration file into
# the kernel binary itself, where it may be later read by saying:
#    strings -n 3 /boot/kernel/kernel | sed -n 's/^___//p' > MYKERNEL
#
options 	INCLUDE_CONFIG_FILE	# Include this file in kernel
#
# Don't enter the debugger for a panic. Intended for unattended operation
# where you may want to enter the debugger from the console, but still want
# the machine to recover from a panic.
#
options 	KDB_UNATTENDED

# Size of the kernel message buffer. Should be N * pagesize.
options 	MSGBUF_SIZE=81920

device		blank_saver
options 	MAXCONS=8	# number of virtual consoles
device		amdtemp		# Temperature sensors.

device		smbus		# Bus support, required for smb below.
device		amdsmb
device		smb
#
device		iicbus		# Bus support, required for ic/iic/iicsmb below.
device		iicbb
device		ic
device		iic
device		iicsmb		# smb over i2c bridge

device		hwpmc		# Driver (also a loadable module)
options 	HWPMC_HOOKS	# Other necessary kernel hooks
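
An added example, not part of the original message or of the FreeBSD tree: a small Python audit that flags kernel config files matching the case asked about above (`device random` present, `makeoptions NO_MODULES`, no `YARROW_RNG` option). The `options YARROW_RNG` line spelling, the status strings and the sample configs are assumptions constructed for illustration; the script reports what the config selects and makes no claim about how /dev/random then behaves.

```python
# Added example: flags kernel configs matching the case raised in the message.
# Assumption: the option is written "options YARROW_RNG" in the config file.
# The sample configs below are constructed, not the poster's full file.
STATIC_NO_YARROW = """\
makeoptions DEBUG=-g        # debug symbols
makeoptions NO_MODULES
options     SMP, KDB
device      loop            # Network loopback
device      random          # Entropy device
"""
STATIC_WITH_YARROW = STATIC_NO_YARROW + "options YARROW_RNG\n"
INHERITS = "include GENERIC\nmakeoptions NO_MODULES\ndevice random\n"

def parse_config(text):
    """Collect device/option/makeoption names, honouring the no* directives."""
    seen = {"device": set(), "option": set(), "makeoption": set()}
    includes = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)    # drop comments
        if len(fields) != 2:
            continue
        word, rest = fields[0].rstrip("s"), fields[1]   # accept plural forms
        if word == "include":
            includes.append(rest.strip().strip('"'))
            continue
        negate = word.startswith("no") and word[2:] in seen
        kind = word[2:] if negate else word
        if kind not in seen:
            continue
        for item in rest.split(","):                    # "options A, B=1"
            name = item.split("=", 1)[0].strip()
            if name:
                (seen[kind].discard if negate else seen[kind].add)(name)
    return seen, includes

def audit(text):
    """Return (status, static_kernel) for one kernel config file's text."""
    seen, includes = parse_config(text)
    static_kernel = "NO_MODULES" in seen["makeoption"]
    if "random" not in seen["device"] and not includes:
        return "no-random-device", static_kernel
    if "YARROW_RNG" in seen["option"]:
        return "yarrow-selected", static_kernel
    if includes:                        # the option may come from the include
        return "check-included-files", static_kernel
    return "yarrow-not-selected", static_kernel

if __name__ == "__main__":
    for cfg in (STATIC_NO_YARROW, STATIC_WITH_YARROW, INHERITS):
        print(audit(cfg))
```

A result of `("yarrow-not-selected", True)` marks a static kernel whose software RNG cannot be supplied later by loading a module, which is the configuration the question is about.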