svn commit: r274739 - head/sys/mips/conf
Mark R V Murray
mark at grondar.org
Sat Nov 22 12:05:46 UTC 2014
> On 21 Nov 2014, at 22:20, Ian Lepore <ian at FreeBSD.org> wrote:
>
> My situation is different... I'm talking about devices in which there is
> no exposure to such hazards, most often because the device is a small
> part of some larger system and the protections are provided by the wider
> environment (if that's even an issue, for example if a network
> connection is even part of the system).
Lets try a couple of things.
1) Please see if changing to Fortuna gets you an unlocked device quickly enough:
device random # Entropy device
options RANDOM_DEBUG
options RANDOM_FORTUNA # Use the Fortuna CSPRNG
#options RANDOM_YARROW # The default
2) If you are staying with Yarrow, then try setting these sysctls suitably early:
kern.random.yarrow.fastthresh: 48
kern.random.yarrow.slowthresh: 64
kern.random.yarrow.slowoverthresh: 1
In either case, please post verbose output from a clean boot.
M
--
Mark R V Murray
More information about the freebsd-arch
mailing list