Collecting entropy from device_attach() times.
Pawel Jakub Dawidek
pjd at FreeBSD.org
Fri Sep 21 07:09:36 UTC 2012

On Thu, Sep 20, 2012 at 11:08:15PM -0700, David O'Brien wrote:
> On Fri, Sep 21, 2012 at 07:35:49AM +0200, Pawel Jakub Dawidek wrote:
> > Note that adding a sysctl to turn off entropy harvesting from
> > device_attach() is pretty useless, as sysctls can be changed once we
> > start userland and then all device_attach() are already called (modulo
> > drivers loaded later).
>
> That is what I had in mind -- .ko drivers loaded post 'initrandom'.
>
> The same could be said for kern.random.sys.harvest.interrupt.
> By the time kern.random.sys.harvest.interrupt can be turned off,
> my test system has already processed 784 'origin interrupt' queue
> entries and went from kern.random.sys.seeded=0->1.

Yes, this is exactly why I'd like to see a corresponding tunable for all
those sysctls.

--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl

More information about the freebsd-security mailing list