Date: Sat, 7 Sep 2013 13:42:00 -0700 From: Adrian Chadd <adrian@freebsd.org> To: Ian Lepore <ian@freebsd.org> Cc: "freebsd-current@freebsd.org" <freebsd-current@freebsd.org>, Mark R V Murray <mark@grondar.org> Subject: Re: random(4) update causes mips compile fail | mips boot fail Message-ID: <CAJ-Vmonk4rFrx1i3jWe_m2aoZCzMeM_a=PYFm0yjUYxSzJhd5w@mail.gmail.com> In-Reply-To: <1378586316.1111.524.camel@revolution.hippie.lan> References: <1378572186.1588.5.camel@localhost> <24DB010A-F374-491B-9203-FDDD7EA14A51@grondar.org> <1378579011.1588.16.camel@localhost> <9240BEF1-2791-4D58-A422-08AEF1CD306C@grondar.org> <1378586316.1111.524.camel@revolution.hippie.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! On 7 September 2013 13:38, Ian Lepore <ian@freebsd.org> wrote: > I keep trying to say this, and I keep getting the feeling that it just > doesn't register with anyone I say it to, like I'm speaking some > language from another planet or something... > > There may be NO entropy of any sort available on an embedded system, and > you cannot block the ability to boot and run such a system just because > you think it's a bad idea to run without sufficient randomness. It's > not your call to make -- it's a decision for the person using or > administering the system. > > You must provide a mechanism that disables the blocking behavior. The > mechanism must be either a kernel compile-time config knob (not all > platforms use loader(8) or anything else that can set a tunable var), or > something in the rc system that can unblock /dev/random before anything > else needs it. The latter implies that the kernel itself must not block > before getting to that point in rc processing, even if it needs random > numbers for something (like cooking up a temporary MAC address). > > It's okay to make it hard to do the wrong thing by accident. It's not > okay to make it impossible to do that thing on purpose. > We discussed this at the dev summit. Mark asked what we'd like to do. Mark - would you mind terribly adding a kernel compile option that controls that blocking default, so we can flip it on for the ARM/MIPS boards that don't have a hardware PRNG to start seeding things with? -adrian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-Vmonk4rFrx1i3jWe_m2aoZCzMeM_a=PYFm0yjUYxSzJhd5w>