diff options
| author | David E. O'Brien <obrien@FreeBSD.org> | 2013-07-29 20:26:27 +0000 |
|---|---|---|
| committer | David E. O'Brien <obrien@FreeBSD.org> | 2013-07-29 20:26:27 +0000 |
| commit | 99ff83da740de3de131259dc672d645639e6c965 (patch) | |
| tree | 7321ee5c53e41f64a4e3a37d1e501321672bb5af /UPDATING | |
| parent | 23b5c8fe3d87622bb7f1c6bdbf747740d9cde683 (diff) | |
| download | src-99ff83da740de3de131259dc672d645639e6c965.tar.gz src-99ff83da740de3de131259dc672d645639e6c965.zip | |
Decouple yarrow from random(4) device.
* Make Yarrow an optional kernel component -- enabled by "YARROW_RNG" option.
The files sha2.c, hash.c, randomdev_soft.c and yarrow.c comprise yarrow.
* random(4) device doesn't really depend on rijndael-*. Yarrow, however, does.
* Add random_adaptors.[ch] which is basically a store of random_adaptor's.
random_adaptor is basically an adapter that plugs in to random(4).
random_adaptor can only be plugged in to random(4) very early in bootup.
Unplugging random_adaptor from random(4) is not supported, and is probably a
bad idea anyway, due to potential loss of entropy pools.
We currently have 3 random_adaptors:
+ yarrow
+ rdrand (ivy.c)
+ nehemeiah
* Remove platform dependent logic from probe.c, and move it into
corresponding registration routines of each random_adaptor provider.
probe.c doesn't do anything other than picking a specific random_adaptor
from a list of registered ones.
* If the kernel doesn't have any random_adaptor adapters present then the
creation of /dev/random is postponed until next random_adaptor is kldload'ed.
* Fix randomdev_soft.c to refer to its own random_adaptor, instead of a
system wide one.
Submitted by: arthurmesh@gmail.com, obrien
Obtained from: Juniper Networks
Reviewed by: obrien
Notes
Notes:
svn path=/head/; revision=253779
Diffstat (limited to 'UPDATING')
| -rw-r--r-- | UPDATING | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -31,6 +31,19 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 10.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20130729: + random(4) and actual RNG implementations (aka, adaptors) have been + further decoupled. If you are running a custom kernel, you may + need to explicitly enable at least one RNG adaptor in your kernel + config. For example, to use Yarrow, add "options YARROW_RNG" to + your kernel config. For hardware backed RNGs, use either + "RDRAND_RNG" or "PADLOCK_RNG" options. + If you use random.ko via 'random_load="YES"' in /boot/loader.conf + instead of "device random", you will need to change that to + 'yarrow_rng_load="YES"', 'rdrand_rng_load="YES"', or + 'padlock_rng_load="YES"'. random.ko will be loaded automatically + as a dependency module. + 20130726: Behavior of devfs rules path matching has been changed. Pattern is now always matched against fully qualified devfs |