svn commit: r239569 - head/etc/rc.d
Warner Losh
imp at bsdimp.com
Wed Sep 12 16:14:07 UTC 2012
On Sep 12, 2012, at 9:43 AM, Ian Lepore wrote:
> On Tue, 2012-09-11 at 17:07 -0700, David O'Brien wrote:
>> On Tue, Sep 11, 2012 at 04:22:24PM -0700, Xin Li wrote:
>>> Please consider using sha512...
>>
>> What is the performance (boot time) impact on low-end MIPS and ARM
>> systems?
>>
>> I'm all for sha512, but don't want to be shot with a machine gun (vs.
>> simple pistol).
>>
>
> For the embedded systems I take care of, the performance problem on
> low-end systems is likely to be solved by ignoring all of this angels
> dancing on a pin stuff and supplying an alternate kickstart mechanism
> appropriate to the way the system is used (which almost surely won't be
> in any national security datacenter).
>
> I can assure you that neither shaXXX nor gzip nor anything else that
> eats that many cycles will be involved. :)
>
> I just hope one of things coming out of all this is a reasonable
> mechanism for supplying alternate kickstart data.
Yea, it doesn't have to be completely unique per boot, it just needs to be something not the same and not too predictable for yarrow to work well. Another part of the entropy will be the timings of all the interrupts and what not after things are seeded, and that is very hard to control...
Just having it as a decent function that can easily be overridden in /etc/rc.conf or some other well-known mechanism would easily solve this problem for special needs folks without placing an undue burden on them or on the main system.
Warner
More information about the freebsd-rc
mailing list