tech-kern archive


Re: cprng sysctl: WARNING pseudorandom rekeying.



Hello all.

> ----- Original Message -----
> From: Robert Elz
> Sent: 11/09/12 11:33 PM
> To: Thor Lancelot Simon
> Subject: Re: cprng sysctl: WARNING pseudorandom rekeying.
> 
> Date: Fri, 9 Nov 2012 13:13:25 -0500
>  From: Thor Lancelot Simon <tls%panix.com@localhost>
>  Message-ID: <20121109181325.GA19886%panix.com@localhost>
> 
>  | Did you install by upgrading?
> 
> No, it is a fresh install off an install CD. It is on a virtualbox
> running under Windows 7 (one day that really is going away, I detest
> Windows...) so I can trivially do new installs, and have done several.

Yes, it's a fresh install (6.x-CURRENT flooded my 64 MB /root partition; 5.x was 
fine with 64 MB /root, like 1.6). I have to increase /root to 128 MB.

> 
>  | We do need to find a way to ensure that upgrades result in boot.conf
>  | files which will automatically load entropy if possible.
> 
> I assume you mean /boot.cfg?
> 
> It has ...
> 
> menu=Boot normally:rndseed /var/db/entropy-file;boot netbsd
> menu=Boot single user:rndseed /var/db/entropy-file;boot netbsd -s
> menu=Disable ACPI:rndseed /var/db/entropy-file;boot netbsd -2
> menu=Disable ACPI and SMP:rndseed /var/db/entropy-file;boot netbsd -12
> menu=Drop to boot prompt:prompt

Nice info. I have a separate /var partition. I've seen the message twice: first 
fast boot and delayed second.

> 
> (plus the default, timeout etc settings) default=1, which is the
> "boot normally" which has the rndseed stuff in it, yet it still said
> 
> /netbsd: cprng kernel: WARNING pseudorandom rekeying.
> 
> when it booted (for me, unlike Iain, I think just once - but that just
> means, I assume, that I am not consuming as many random bits).
> 
> And actually looking carefully at /var/log/messages & its timestamps,
> (rather than just the console without them) it seems as if it happens
> a couple of hours after the system was booted.
> 
> kre

I guess these scripts are too fast/slow. /var is not mounted when the system is 
booting, thus no /var/db/entropy-file. The second issue could be triggered via 
get_some_random when /var is mounted (and no entropy-file again). That can 
occur when entropy-file is created under unmounted /var (thus no /var/db 
directory at all). I'm not sure that the script recreates the /var/db directory. Thus 
it fails to create /var/db/entropy-file on shutdown. No file again.

I don't have my book at hand. Thus it's just a guess.

HTH,
-- 
ynzo

