Re: regarding the changes to kernel entropy gathering

[Joerg Sonnenberger <joerg%bec.de@localhost>]

On Sun, Apr 04, 2021 at 03:32:08PM -0700, Greg A. Woods wrote:
> At Mon, 05 Apr 2021 00:14:30 +0200 (CEST), Havard Eidnes <he%NetBSD.org@localhost> wrote:
> Subject: Re: regarding the changes to kernel entropy gathering
> >
> > > What about architectures that have nothing like RDRAND/RDSEED?  Are
> > > they, effectively, totally unsupported now?
> >
> > Nope, not entirely.  But they have to be seeded once.  If they
> > have storage which survives reboots, and entropy is saved and
> > restored on reboot, they will be ~fine.
> 
> BTW, to me reusing the same entropy on every reboot seems less secure.

Except that's not what the system is doing. It removes the seed file on
boot and creates a new one on shutdown.

> > Systems without persistent storage and also without RDRAND/RDSEED
> > will however be ... a more challenging problem.
> 
> Leaving things like that would be totally silly.
> 
> With my patch the old way of gathering entropy from devices works just
> fine as it always did, albeit with the second patch it does require a
> tiny bit of extra configuration.

You keep repeating yourself. It doesn't make your claims any less false.
At this point, can we please just stop this thread?

Joerg