svn commit: r346399 - head/share/man/man4

Conrad Meyer cem at FreeBSD.org
Tue Sep 3 14:08:02 UTC 2019 

Author: cem
Date: Fri Apr 19 17:15:58 2019
New Revision: 346399
URL: https://svnweb.freebsd.org/changeset/base/346399

Log:
  random.4: Include description of knobs added in r346358
  
  Reported by:	ngie
  Sponsored by:	Dell EMC Isilon

Modified:
  head/share/man/man4/random.4

Modified: head/share/man/man4/random.4
==============================================================================
--- head/share/man/man4/random.4	Fri Apr 19 17:06:43 2019	(r346398)
+++ head/share/man/man4/random.4	Fri Apr 19 17:15:58 2019	(r346399)
@@ -23,7 +23,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 15, 2019
+.Dd April 19, 2019
 .Dt RANDOM 4
 .Os
 .Sh NAME
@@ -85,6 +85,10 @@ kern.random.harvest.mask_bin: 00000010000000111011111
 kern.random.harvest.mask: 66015
 kern.random.use_chacha20_cipher: 0
 kern.random.random_sources: 'Intel Secure Key RNG'
+kern.random.initial_seeding.bypass_before_seeding: 1
+kern.random.initial_seeding.read_random_bypassed_before_seeding: 0
+kern.random.initial_seeding.arc4random_bypassed_before_seeding: 0
+kern.random.initial_seeding.disable_bypass_warnings: 0
 .Ed
 .Pp
 Other than
@@ -132,6 +136,55 @@ for more on the harvesting of entropy.
 .Bl -tag -width ".Pa /dev/urandom"
 .It Pa /dev/random
 .It Pa /dev/urandom
+.El
+.Sh DIAGNOSTICS
+The following tunables are related to initial seeding of the
+.Nm
+device:
+.Bl -tag -width 4
+.It Va kern.random.initial_seeding.bypass_before_seeding
+Defaults to 1 (on).
+When set, the system will bypass the
+.Nm
+device prior to initial seeding.
+On is
+.Em unsafe ,
+but provides availability on many systems that lack early sources
+of entropy, or cannot load
+.Pa /boot/entropy
+sufficiently early in boot for
+.Nm
+consumers.
+When unset (0), the system will block
+.Xr read_random 9
+and
+.Xr arc4random 9
+requests if and until the
+.Nm
+device is initially seeded.
+.It Va kern.random.initial_seeding.disable_bypass_warnings
+Defaults to 0 (off).
+When set non-zero, disables warnings in dmesg when the
+.Nm
+device is bypassed.
+.El
+.Pp
+The following read-only
+.Xr sysctl 8
+variables allow programmatic diagnostic of whether
+.Nm
+device bypass occurred during boot.
+If they are set (non-zero), the specific functional unit bypassed the strong
+.Nm
+device output and either produced no output
+.Xr ( read_random 9 )
+or seeded itself with minimal, non-cryptographic entropy
+.Xr ( arc4random 9 ) .
+.Bl -bullet
+.It
+.Va kern.random.initial_seeding.read_random_bypassed_before_seeding
+.It
+.Va kern.random.initial_seeding.arc4random_bypassed_before_seeding
 .El
 .Sh SEE ALSO
 .Xr getrandom 2 ,

More information about the svn-src-all mailing list