tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cprng sysctl: WARNING pseudorandom rekeying.

    Date:        Sat, 10 Nov 2012 11:39:47 -0500
    From:        Thor Lancelot Simon <>
    Message-ID:  <>

  | It's not as simple as you make it seem.

Oh, I know it isn't simple.

  | The system should be able to run with readonly /.

Yes, it should (though actually making that work requires a reasonable
amount of effort, alongside which moving the entropy file to some other
place would be a minor distraction).   There are plenty of other hard cases
that are even more difficult to handle, and which are easier to set up
than a read-only root.

How does all of this work when booting from other than a local disc
using NetBSD's boot code?   That is, for people who boot using dosboot,
or boot from a CD, or over the network?   (Or horror of horrors, use
grub or something like that.)

Is loading the entropy file really required?   Or is it just a slight
improvement over what happens if it is skipped?

If it is the latter, perhaps the only real fix required here would be
to remove that WARNING printf (make it a debug printf or something).


Home | Main Index | Thread Index | Old Index