Re: Consequences of disabling vtrnd

From: Mina_Galić <me+freebsd_at_igalic.co>
Date: Sat, 03 Dec 2022 09:06:16 UTC

Hi Max,

> If this is not the appropriate place, I apologize.
> 
> Installing on an instance on vultr.com from booting from the standard image hangs. This is pretty well documented, and the equally well documented workaround is disabling vtrnd.
> 
> But are there lingering consequences from setting hint.vtrnd.disabled in the boot menu? The man page says virtio_random supplies the guest with high-quality random bits from the host. With this disabled, is the guest's entropy pool populated from a different high-quality source or does the workaround leave the guest with only low entropy sources?

The main consequence is that we go from:

kern.random.random_sources: 'VirtIO Entropy Adapter','Intel Secure Key RNG'
kern.random.harvest.mask_symbolic: PURE_VIRTIO,PURE_RDRAND,[CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED

to:

kern.random.random_sources: 'Intel Secure Key RNG'
kern.random.harvest.mask_symbolic: PURE_RDRAND,[CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED

That is: The virtual machine already had the capability of emulating Intel Secure Key RNG, and we're falling back to that scenario.

> Thanks for any reply,
> Max Baroi

Kind regards,

Mina Galić

Try PkgBase: https://alpha.pkgbase.live/
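
The before/after comparison in the reply above can be checked mechanically. The following is an added example, not part of the original email: it parses a kern.random.harvest.mask_symbolic value, treats entries in [brackets] as disabled, and reports which enabled sources were lost and which PURE_* sources remain. The function names are hypothetical; BEFORE and AFTER are the two values quoted in the email.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# enabled_sources MASK -> one enabled source name per line.
# Entries shown as [NAME] are disabled in the harvest mask and are skipped.
enabled_sources() (
    set -f      # [NAME] must not be expanded as a glob pattern
    IFS=,
    for src in $1; do
        case $src in
            \[*\]) ;;                    # bracketed: not harvested
            *) printf '%s\n' "$src" ;;
        esac
    done
)

# pure_sources MASK -> space-separated enabled PURE_* (dedicated RNG) sources.
pure_sources() {
    enabled_sources "$1" | grep '^PURE_' | tr '\n' ' ' | sed 's/ $//'
}

# lost_sources BEFORE AFTER -> enabled in BEFORE but no longer enabled in AFTER.
lost_sources() {
    after_list=$(enabled_sources "$2")
    enabled_sources "$1" | while read -r src; do
        printf '%s\n' "$after_list" | grep -qxF "$src" || printf '%s\n' "$src"
    done | tr '\n' ' ' | sed 's/ $//'
}

# The two mask values quoted in the email (with and without vtrnd).
BEFORE='PURE_VIRTIO,PURE_RDRAND,[CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED'
AFTER='PURE_RDRAND,[CALLOUT],[UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED'

echo "lost after disabling vtrnd: $(lost_sources "$BEFORE" "$AFTER")"
remaining=$(pure_sources "$AFTER")
if [ -n "$remaining" ]; then
    echo "PURE sources still enabled: $remaining"
else
    echo "WARNING: no PURE_* source enabled; only environmental harvesting remains"
fi
```

On a running guest, pass the live value instead of the samples: `pure_sources "$(sysctl -n kern.random.harvest.mask_symbolic)"`.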