Source-Changes-HG archive


[src/trunk]: src rc.conf(5): Set entropy=wait by default.



details:   https://anonhg.NetBSD.org/src/rev/add273f53d84
branches:  trunk
changeset: 377203:add273f53d84
user:      riastradh <riastradh%NetBSD.org@localhost>
date:      Fri Jun 30 21:44:09 2023 +0000

description:
rc.conf(5): Set entropy=wait by default.

We no longer block indefinitely -- if nothing else, the hardclock
timer should yield enough samples to unblock /dev/random on all but
the most severely deterministic machines -- so it should be generally
safe for availability to set entropy=wait.

This doesn't guarantee that HWRNG/seed has been provided before you
run ssh-keygen or call getentropy(3) in a user application, but it
does raise the security above netbsd<=9.

PR security/55659
PR lib/56905

XXX pullup-10

diffstat:

 etc/defaults/rc.conf     |   7 ++++---
 share/man/man5/rc.conf.5 |  12 +++++++-----
 2 files changed, 11 insertions(+), 8 deletions(-)

diffs (49 lines):

diff -r 4f0bbae5196b -r add273f53d84 etc/defaults/rc.conf
--- a/etc/defaults/rc.conf      Fri Jun 30 21:44:02 2023 +0000
+++ b/etc/defaults/rc.conf      Fri Jun 30 21:44:09 2023 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: rc.conf,v 1.163 2023/02/03 13:53:40 mlelstv Exp $
+#      $NetBSD: rc.conf,v 1.164 2023/06/30 21:44:09 riastradh Exp $
 #
 # /etc/defaults/rc.conf --
 #      default configuration of /etc/rc.conf
@@ -388,9 +388,10 @@ veriexec_flags="-k"
 random_seed=YES
 
 # Set to `check' to abort multi-user boot if not enough entropy, or
-# `wait' to wait until enough entropy.
+# `wait' to wait until enough entropy, or `' (empty) to boot without
+# waitingor checking.
 #
-entropy=""
+entropy="wait"
 
 # Creating / updating of man page index on boot
 makemandb=YES
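Review bot: The added comment line `# waitingor checking.` is missing a space; it should read "waiting or checking". The sentence also now chains two "or"s ("or `wait' to wait until enough entropy, or `' (empty) ..."); replacing the first "or" with a comma would make the three options read as a list.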
diff -r 4f0bbae5196b -r add273f53d84 share/man/man5/rc.conf.5
--- a/share/man/man5/rc.conf.5  Fri Jun 30 21:44:02 2023 +0000
+++ b/share/man/man5/rc.conf.5  Fri Jun 30 21:44:09 2023 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: rc.conf.5,v 1.192 2022/02/20 14:43:39 alnsn Exp $
+.\"    $NetBSD: rc.conf.5,v 1.193 2023/06/30 21:44:09 riastradh Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@@ -454,11 +454,13 @@ from the output of
 Passes
 .Sy dmesg_flags .
 .It Sy entropy
-A string,
-.Sq Li check
+A string, either
+.Sq Li check ,
+.Sq Li wait ,
 or
-.Sq Li wait .
-If set, then during boot-up, after
+.Sq Li ""
+(empty).
+If set and nonempty, then during boot-up, after
 .Sy random_seed
 and
 .Sy rndctl ,
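Review bot: In the rewritten `.It Sy entropy` text, the changed lines list the three accepted values but do not say that `wait` is now the default, although etc/defaults/rc.conf in this same change switches from entropy="" to entropy="wait". A sentence stating the default here would keep the manual in step with the defaults file. Neither rc.conf.5 hunk touches the `.Dd` line, so consider bumping the date along with this content change.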


