random(4) plugin infrastructure for mulitple RNG in a modular fashion

Steve Kargl sgk at troutmask.apl.washington.edu
Thu Aug 8 21:58:40 UTC 2013 

On Thu, Aug 08, 2013 at 02:34:49PM -0700, David O'Brien wrote:
> On Wed, Aug 07, 2013 at 12:27:36PM -0700, Steve Kargl wrote:
> > On Wed, Aug 07, 2013 at 11:28:58AM -0700, David O'Brien wrote:
> > > * Make Yarrow an optional kernel component -- enabled by "YARROW_RNG"
> > >   option.  The files sha2.c, hash.c, randomdev_soft.c and yarrow.c
> ..
> > My kernel config files have included the following 2 lines for
> > ages:
> > makeoptions  NO_MODULES
> > device       random
> > 
> > If I try to build a new kernel under your scheme, will the
> > build die with an error about a missing option?
> 
> You haven't given enough information to answer the question.  Your kernel
> config does not have just those two lines.  Is there an "include GENERIC"
> or something else above it?  What is your full kernel config?

No 'include GENERIC'.  See config file after sig.

> 
> > If the answer
> > is 'no', then the yarrow adaptor should be opt-out.
> 
> There is no build issue (i.e., missing symbols).  "device random" in the
> changeset is just the device (/dev/[u]random) implimentation.  The many
> RNG's that provide the output.

The issue is quite simple.  If I do not use modules and only
include 'device random' in my config file, will this result in
a crippled/broken/non-functioning /dev/random?

> Do you really not read UPDATING and the release notes when you upgrade to
> to a .0 release?  How did you learn about other config lines I'm sure
> you've changed over th years.

I never see a .0 release as I only run -current.  I scan UPDATING
when I see a chnage has been made to it via svn-src-all.  I missed
your change to UPDATING because a broken procmail rule filtered
that particular commit.

I note that I don't update my systems every 24 hours.  There is
sometimes a 2 or 3 month lag between a full upgrade, so I may
forget that someone potential change a kernel option or 
broke a kernel facility.  In this case, inveriably 'make buildkernel'
kernel dies a horrible death.

-- 
Steve


cpu		HAMMER
ident		HPC

makeoptions	DEBUG=-g		# Build kernel with gdb(1) debug symbols
makeoptions	NO_MODULES

maxusers	0

options 	SCHED_4BSD		# 4BSD scheduler
options 	PREEMPTION		# Enable kernel thread preemption
options 	INET			# InterNETworking
options 	INET6			# IPv6 communications protocols
options 	SCTP			# Stream Transmission Control Protocol 
options 	FFS			# Berkeley Fast Filesystem
options 	SOFTUPDATES		# Enable FFS soft updates support
options 	UFS_DIRHASH		# Improve performance on big directories
options 	NFSCL			# New Network Filesystem Client
options 	NFSD			# New Network Filesystem Server
options 	MSDOSFS			# MSDOS Filesystem
options 	CD9660			# ISO 9660 Filesystem
options 	PROCFS			# Process filesystem (requires PSEUDOFS)
options		FDESCFS
options 	PSEUDOFS		# Pseudo-filesystem framework
options     COMPAT_LINUX32
options     LINPROCFS
options 	COMPAT_43TTY		# BSD 4.3 TTY compat [KEEP THIS!]
options 	COMPAT_FREEBSD32	# Compatible with i386 binaries
options 	COMPAT_FREEBSD7		# Compatible with i386 binaries
options 	SCSI_DELAY=5000		# Delay (in ms) before probing SCSI
options 	KTRACE			# ktrace(1) support
options 	SYSVSHM			# SYSV-style shared memory
options 	SYSVMSG			# SYSV-style message queues
options 	SYSVSEM			# SYSV-style semaphores
options		P1003_1B_SEMAPHORES
options 	_KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options 	KBD_INSTALL_CDEV	# install a CDEV entry in /dev

# Debugging for use in -current
options 	KDB			# Enable kernel debugger support.
options 	DDB			# Support DDB.
options 	GDB			# Support remote GDB.
#options 	INVARIANTS		# Enable calls of extra sanity checking
#options 	INVARIANT_SUPPORT	# Extra sanity checks of internal structures, required by INVARIANTS
#options 	WITNESS			# Enable checks to detect deadlocks and cycles
#options 	WITNESS_SKIPSPIN	# Don't run witness on spinlocks for speed


# Default partitioning schemes
options 	GEOM_PART_GPT		# GUID Partition Tables.
options 	GEOM_LABEL		    # Provides labelization

# Make an SMP-capable kernel by default
options 	SMP			# Symmetric MultiProcessor Kernel

# Bus support.
device		acpi
device		pci

# Floppy drives
options		FDC_DEBUG
device		fdc

# New CAM ATA and ATAPI devices
device		ata
device		ahci
device 		mvs
device		siis

# SCSI Controllers
device		ahc		# AHA2940 and onboard AIC7xxx devices
options 	AHC_REG_PRETTY_PRINT	# Print register bitfields in debug

# SCSI peripherals
device		scbus		# SCSI bus (required for SCSI)
device		ch		# SCSI media changers
device		da		# Direct Access (disks)
device		sa		# Sequential Access (tape etc)
device		cd		# CD
device		pass		# Passthrough device (direct SCSI access)
device		ses		# SCSI Environmental Services (and SAF-TE)

# atkbdc0 controls both the keyboard and the PS/2 mouse
device		atkbdc		# AT keyboard controller
device		atkbd		# AT keyboard
#device		psm		# PS/2 mouse
device		kbdmux		# keyboard multiplexer
device		vga		# VGA video card driver
device		splash		# Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device		sc
device		agp		# support several AGP chipsets
device      drm             # DRM core module required by DRM drivers
device      mach64drm       # ATI Rage Pro, Rage Mobility P/M, Rage XL

# Serial (COM) ports
device		uart		# 8250, 16[45]50 based serial ports

# Parallel port
device		ppc
device		ppbus		# Parallel port bus (required)
device		lpt		# Printer
device		ppi		# Parallel port interface device

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device		miibus		# MII bus support
device		bge		# Broadcom BCM570xx Gigabit Ethernet
device      fxp

# Pseudo devices.
device		loop		# Network loopback
device		random		# Entropy device
device		ether		# Ethernet support
device		tun		# Packet tunnel.
device		pty		# Pseudo-ttys (telnet etc)
device		md		# Memory "disks"
device		gif		# IPv6 and IPv4 tunneling
device		faith		# IPv6-to-IPv4 relaying (translation)
device		firmware	# firmware assist module

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device		bpf		# Berkeley packet filter

# USB support
device		uhci		# UHCI PCI->USB interface
device		ohci		# OHCI PCI->USB interface
device		ehci		# EHCI PCI->USB interface (USB 2.0)
device		usb		# USB Bus (required)
device		uhid		# "Human Interface Devices"
device		ukbd		# Keyboard
device		umass		# Disks/Mass storage - Requires scbus and da
device		ums		# Mouse


options 	MAXDSIZ=(8UL*1024UL*1024*1024)
options 	MAXSSIZ=(1024UL*1024*1024)
options 	DFLDSIZ=(1024UL*1024*1024)

# This allows you to actually store this configuration file into
# the kernel binary itself, where it may be later read by saying:
#    strings -n 3 /boot/kernel/kernel | sed -n 's/^___//p' > MYKERNEL
#
options 	INCLUDE_CONFIG_FILE     # Include this file in kernel
#
# Don't enter the debugger for a panic. Intended for unattended operation
# where you may want to enter the debugger from the console, but still want
# the machine to recover from a panic.
#
options 	KDB_UNATTENDED


# Size of the kernel message buffer.  Should be N * pagesize.
options 	MSGBUF_SIZE=81920
device		blank_saver

options 	MAXCONS=8		# number of virtual consoles

device		amdtemp		# Temperature sensors.

device		smbus		# Bus support, required for smb below.
device		amdsmb
device		smb
#
device		iicbus		# Bus support, required for ic/iic/iicsmb below.
device		iicbb
device		ic
device		iic
device		iicsmb		# smb over i2c bridge

device		hwpmc			# Driver (also a loadable module)
options 	HWPMC_HOOKS		# Other necessary kernel hooks

More information about the freebsd-arch mailing list