Mark R V Murray <m...@grondar.org> writes: > I’m scared witless of this being on-by-default, for the reason given > in the removed comment. I’d much prefer to see it only turned on if a > kernel option is set, and the embedded folks /et al/ can use that.
You didn't seem to mind this code when we introduced it in 10-CURRENT. Removing it breaks pretty much everything, not just embedded systems. We can add a sysctl to turn it off, but it has to be on by default. Note that the alternative is to feed more trash into /dev/random at boot, as we did before. It may give us a warm and fuzzy feeling which we don't get from automatically seeding, but the reality is that we have no idea how good that trash is either. In fact, most of what we used to feed into /dev/random at boot (ps, sysctls etc) was constant or nearly so. I prefer to trust that we get enough entropy from attachtimes and I/O in the boot process - and the data I gathered indicates that there is more than enough entropy from attachtimes alone, even on SFF systems and VMs. > Moving the point of the auto-firstseed to where is good, thanks. ...except that I'm not sure it doesn't break root-on-geli etc, but at least it doesn't break it more than not having auto-firstseed at all. DES -- Dag-Erling Smørgrav - d...@des.no _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
