Date:      Wed, 17 Apr 2019 10:35:59 -0700
From:      Conrad Meyer <cem@freebsd.org>
To:        Warner Losh <imp@bsdimp.com>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>,  svn-src-head <svn-src-head@freebsd.org>
Subject:   Re: svn commit: r346250 - in head: share/man/man4 share/man/man9 sys/dev/random sys/kern sys/libkern sys/sys
Message-ID:  <CAG6CVpWtykqYCaX5CrHKWH-Aj3Hm8YaDVJqyhVjwZEx4POAO2Q@mail.gmail.com>
In-Reply-To: <CANCZdfrUYbE89nHkKWkNiktmSGyE=jAX_jQk5ZxY-%2B6GZZNoJg@mail.gmail.com>
References:  <201904162251.x3GMp2aF097103@gndrsh.dnsmgr.net> <4d6b8a14-b053-9ed1-14b2-bbc359ac9413@FreeBSD.org> <CAG6CVpUskcW9KBPOhevYNQ9fTDd91Rvh2N50Y1xHubSp7JFE4Q@mail.gmail.com> <48b25255-3d66-69fc-658b-6176ebaf4640@FreeBSD.org> <CANCZdfrUYbE89nHkKWkNiktmSGyE=jAX_jQk5ZxY-%2B6GZZNoJg@mail.gmail.com>

Hi Warner,

On Wed, Apr 17, 2019 at 10:16 AM Warner Losh <imp@bsdimp.com> wrote:
> I'm going to put a very fine point on this: any hard-requirement of entropy sources is a non-starter. If you require that, your commit will be backed out and/or hacked around by the addition of a knob in the future. It will happen. Don't pretend you can say 'but things weren't random enough' will carry the day. It will not.
>
> That's why I specifically requested a MD routine to be called when there's no source of entropy: that will let special needs folks do the right thing. It's also why I asked for a way to say "don't ever block waiting for entropy, soldier on the best you can, but set some variable that can be exposed to userland so that early in /etc/rc automation can be written to decide what to do when that condition exists: generate entropy and reboot, report it to some central control, nothing" since that will give the tools for different reactions.
>
> For our application it is *NEVER* OK to block the boot because there's not enough randomness. We'd rather soldier on with crappy randomness and want the boot to proceed no matter what. We want the information that we had to make compromises along the way to make it happen so we can decide the right course of action for our appliances.

I think John's proposed big knob to disable hard-requirement of
entropy, and a warning on dmesg, pretty much covers your applications'
needs.  Do you agree?

The random framework has already got ways to register random sources;
special needs MD folks can always register their own fako fast random
source.  I.e., the randomdev entropy intake framework is already
general with room for MD-specific drivers (of which several exist
today).

Take care,
Conrad
