diff --git a/share/man/man4/random.4 b/share/man/man4/random.4 index 0805be28c782..0ccad03aeda4 100644 --- a/share/man/man4/random.4 +++ b/share/man/man4/random.4 @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 15, 2019 +.Dd April 19, 2019 .Dt RANDOM 4 .Os .Sh NAME @@ -85,6 +85,10 @@ kern.random.harvest.mask_bin: 00000010000000111011111 kern.random.harvest.mask: 66015 kern.random.use_chacha20_cipher: 0 kern.random.random_sources: 'Intel Secure Key RNG' +kern.random.initial_seeding.bypass_before_seeding: 1 +kern.random.initial_seeding.read_random_bypassed_before_seeding: 0 +kern.random.initial_seeding.arc4random_bypassed_before_seeding: 0 +kern.random.initial_seeding.disable_bypass_warnings: 0 .Ed .Pp Other than 
@@ -133,6 +137,55 @@ for more on the harvesting of entropy. .It Pa /dev/random .It Pa /dev/urandom .El +.Sh DIAGNOSTICS +The following tunables are related to initial seeding of the +.Nm +device: +.Bl -tag -width 4 +.It Va kern.random.initial_seeding.bypass_before_seeding +Defaults to 1 (on). +When set, the system will bypass the +.Nm +device prior to initial seeding. +On is +.Em unsafe , +but provides availability on many systems that lack early sources +of entropy, or cannot load +.Pa /boot/entropy +sufficiently early in boot for +.Nm +consumers. +When unset (0), the system will block +.Xr read_random 9 +and +.Xr arc4random 9 +requests if and until the +.Nm +device is initially seeded. +.It Va kern.random.initial_seeding.disable_bypass_warnings +Defaults to 0 (off). +When set non-zero, disables warnings in dmesg when the +.Nm +device is bypassed. +.El +.Pp +The following read-only +.Xr sysctl 8 +variables allow programmatic diagnostic of whether +.Nm +device bypass occurred during boot. +If they are set (non-zero), the specific functional unit bypassed the strong +.Nm +device output and either produced no output +.Xr ( read_random 9 ) +or seeded itself with minimal, non-cryptographic entropy +.Xr ( arc4random 9 ) . +.Bl -bullet +.It +.Va kern.random.initial_seeding.read_random_bypassed_before_seeding +.It +.Va kern.random.initial_seeding.arc4random_bypassed_before_seeding +.El .Sh SEE ALSO .Xr getrandom 2 , .Xr arc4random 3 ,
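
Review bot: The four kern.random.initial_seeding.* lines added to the sample sysctl output (hunk at -85,6 +85,10) give no hint which are settable and which are read-only indicators, and the sample shows bypass_before_seeding: 1, the value the new DIAGNOSTICS text calls unsafe. Suggest a sentence after the .Ed that points to the DIAGNOSTICS section for the meaning of these entries and notes that non-zero values in the two *_bypassed_before_seeding entries mean a bypass happened during this boot.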
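
Review bot: In the DIAGNOSTICS hunk, the entry for kern.random.initial_seeding.bypass_before_seeding documents the default as 1 (on) and then says "On is .Em unsafe" without telling the administrator what to do about it or where the value is set. The section calls these "tunables" but names neither loader.conf(5) nor sysctl(8), while the two indicators below are explicitly called read-only sysctl(8) variables; please state how and when the setting must be applied, and reword the fragment as a full sentence such as "Leaving this enabled is unsafe". The disable_bypass_warnings entry mentions "warnings in dmesg" but the warning text is not quoted anywhere, so an operator cannot search logs for it; a DIAGNOSTICS section is the natural place to list it. For read_random(9) the text says the unit "produced no output"; it would help to say what a caller actually receives in that case, since that is the security-relevant consequence. Minor: "programmatic diagnostic of whether" should read "programmatic diagnosis of whether".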