On 16.01.2021 14:29, Taylor R Campbell wrote: >> Date: Sat, 16 Jan 2021 13:21:21 +0100 >> From: Kamil Rytarowski <kamil%netbsd.org@localhost> >> >> On 11.01.2021 02:25, Taylor R Campbell wrote: >>> Many of you have no doubt noticed that a lot more things hang waiting >>> for entropy than used to on machines without hardware random number >>> generators (even as we've added a bunch of new drivers for HWRNGs) -- >>> e.g., python, firefox. >> >> Can we overload the ENOSYS return value and return it for CPUs without >> hardware assisted random number generator? This way we certainly catch >> real bugs in software that do not handle ENOSYS anyway. > > How does that detect real bugs? Lack of fallback is a bug for preexisting Linux users. > How does it improve anything? > The improvement is achieved by deferring the problem out of the kernel to userspace applications if there is no HWRNG device driver. An application could fallback in a typical case to plain sysctl(3), arc4random(3) or some other source of randomness delivered by a user if that is really necessary. At the end of this, getrandom(2) never hangs forever due to the lack of HWRNG device. I don't feel as a user much interested in maintaining a dedicated rc.conf(5) switches or motd warnings. Such things add extra management complexity without any gains for me. Once I will be paranoid, I will not defer such features to OS anyway and ensure proper source of randomness on my own.
Description: OpenPGP digital signature