From nobody Sat Dec 03 09:06:16 2022 X-Original-To: current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NPP7Y1NCFz4k48C for ; Sat, 3 Dec 2022 09:06:33 +0000 (UTC) (envelope-from me+freebsd@igalic.co) Received: from mail-4323.proton.ch (mail-4323.proton.ch [185.70.43.23]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "protonmail.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NPP7X6Fppz4FDW for ; Sat, 3 Dec 2022 09:06:32 +0000 (UTC) (envelope-from me+freebsd@igalic.co) Authentication-Results: mx1.freebsd.org; none Date: Sat, 03 Dec 2022 09:06:16 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=igalic.co; s=protonmail3; t=1670058389; x=1670317589; bh=TsStzok2o2KrZvp74UvqEUyYMV+i+baHkT29GVoWIEc=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=ZU9Sz1Y/rCbq92OUzCC1BXJQv9ROCyaXCVzzPf1iJ4eFNBwVAsMVm4PAuR7Yg2Dsj obAXPB5pnu5E5+qqLR04Sft7RgaRPgYHLxIuPZXKoxhvXxVj6LLG47wmCxP6W2dFIg Bbjv2T0/9SJyWfvJhuwjKSR/ot5gCV6oHTIbBr9D6N4w5DkGi+j3wQZR6m0oJk+pby xyrpGRdh7samhQ0s7JKlHRZGw8FBL8+uDxLelwsGKBO3GkrhZ/3ZwcOosVtzudJxWh 89t/oW6+0DVlMcaBYsbt0/4CPEqK4PSGAP3ulATHcYvary8Tb77MqQ3u6eNmynkHH0 Gnx3+iAm0Tj4Q== To: Max Baroi From: =?utf-8?Q?Mina_Gali=C4=87?= Cc: current@freebsd.org Subject: Re: Consequences of disabling vtrnd Message-ID: In-Reply-To: References: Feedback-ID: 13937434:user:proton List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 4NPP7X6Fppz4FDW X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:62371, ipnet:185.70.43.0/24, country:CH]; TAGGED_FROM(0.00)[freebsd] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N Hi Max, > If this is not the appropriate place, I apologize. >=20 > Installing on an instance on vultr.com from booting from the standard ima= ge hangs. This is pretty well documented, and the equally well documented w= orkaround is disabling vtrnd. >=20 > But are there lingering consequences from setting hint.vtrnd.disabled in = the boot menu? The man page says virtio_random supplies the guest with high= -quality random bits from the host. With this disabled, is the guest's entr= opy pool populated from a different high quality source or does the workaro= und leave the guest with only low entropy sources? The main consequence is that we go from: kern.random.random_sources: 'VirtIO Entropy Adapter','Intel Secure Key RNG' kern.random.harvest.mask_symbolic: PURE_VIRTIO,PURE_RDRAND,[CALLOUT],[UMA],= [FS_ATIME],SWI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,C= ACHED to: kern.random.random_sources: 'Intel Secure Key RNG' kern.random.harvest.mask_symbolic: PURE_RDRAND,[CALLOUT],[UMA],[FS_ATIME],S= WI,INTERRUPT,NET_NG,[NET_ETHER],NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED That is: The virtual machine already had the capability of emulating Intel = Secure Key RNG, and we're falling back to that scenario. > Thanks for any reply, > Max Baroi Kind regards, Mina Gali=C4=87 Try PkgBase: https://alpha.pkgbase.live/