random(4) plugin infrastructure for multiple RNG in a modular fashion

David O'Brien obrien at FreeBSD.org
Thu Aug 8 20:55:17 UTC 2013


On Wed, Aug 07, 2013 at 05:07:15PM -0700, Scott Long wrote:
> We only compile and deploy a whitelist subset of modules, so the PRNG
> modules were not compiled into the kernel nor present in /boot.  When the
> machine came up, it paused waiting for keyboard input.  In one iteration, it
> released the hold after about 100 characters of quick typing.

Do you have any random(4) related local changes?  I ask because the
FreeBSD kernel does not block due to either a missing /dev/random
device or yarrow not being seeded.

I'd like to understand how you experienced what seems to be blocking
due to being not-seeded in a FreeBSD 10 (or -STABLE) kernel.


> In the first iteration, even after the system continued, various things
> complained and/or failed with a complaint of there being no
> /dev/random.  named was one thing, but I know there were others.

It sounds like this is not a headless machine, correct?
I'll enable named on my test machine and see if I get the whine about
lack of /dev/random.  Note that OpenSSL (and thus OpenSSH) handle the
lack of /dev/random.  (and do so without warning or other indication)

Are there other non-default daemons you enable?

-- 
-- David  (obrien at FreeBSD.org)

