From: Mark R V Murray
To: Ian Lepore
Cc: "freebsd-arch@freebsd.org"
Subject: Re: svn commit: r274739 - head/sys/mips/conf
Date: Sat, 22 Nov 2014 12:05:41 +0000
Message-Id: <1FF084FC-A8FF-4B5D-B9DA-6B5D50B22BDC@grondar.org>
List-Id: Discussion related to FreeBSD architecture

> On 21 Nov 2014, at 22:20, Ian Lepore wrote:
>
> My situation is different... I'm talking about devices in which there is
> no exposure to such hazards, most often because the device is a small
> part of some larger system and the protections are provided by the wider
> environment (if that's even an issue, for example if a network
> connection is even part of the system).

Let's try a couple of things.

1) Please see if changing to Fortuna gets you an unlocked device quickly enough:

    device random # Entropy device
    options RANDOM_DEBUG
    options RANDOM_FORTUNA # Use the Fortuna CSPRNG
    #options RANDOM_YARROW # The default

2) If you are staying with Yarrow, then try setting these sysctls suitably early:

    kern.random.yarrow.fastthresh: 48
    kern.random.yarrow.slowthresh: 64
    kern.random.yarrow.slowoverthresh: 1

In either case, please post verbose output from a clean boot.

M
--
Mark R V Murray