random.4: Include description of knobs added in r346358
Reported by: ngie
Sponsored by: Dell EMC Isilon
parent 2946a9415c
commit 55084da106
@ -23,7 +23,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd April 15, 2019
|
||||
.Dd April 19, 2019
|
||||
.Dt RANDOM 4
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -85,6 +85,10 @@ kern.random.harvest.mask_bin: 00000010000000111011111
|
||||
kern.random.harvest.mask: 66015
|
||||
kern.random.use_chacha20_cipher: 0
|
||||
kern.random.random_sources: 'Intel Secure Key RNG'
|
||||
kern.random.initial_seeding.bypass_before_seeding: 1
|
||||
kern.random.initial_seeding.read_random_bypassed_before_seeding: 0
|
||||
kern.random.initial_seeding.arc4random_bypassed_before_seeding: 0
|
||||
kern.random.initial_seeding.disable_bypass_warnings: 0
|
||||
.Ed
|
||||
.Pp
|
||||
Other than
|
||||
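Review bot: The four kern.random.initial_seeding.* entries added to the sample sysctl listing have no pointer, in the visible lines, to where they are explained. Suggest a sentence after the .Ed that cross-references the DIAGNOSTICS section. It would also help to note there that the "bypass_before_seeding: 1" shown in the sample is the setting the new DIAGNOSTICS text calls unsafe, so the listing is not read as a recommended configuration.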
@ -133,6 +137,55 @@ for more on the harvesting of entropy.
|
||||
.It Pa /dev/random
|
||||
.It Pa /dev/urandom
|
||||
.El
|
||||
.Sh DIAGNOSTICS
|
||||
The following tunables are related to initial seeding of the
|
||||
.Nm
|
||||
device:
|
||||
.Bl -tag -width 4
|
||||
.It Va kern.random.initial_seeding.bypass_before_seeding
|
||||
Defaults to 1 (on).
|
||||
When set, the system will bypass the
|
||||
.Nm
|
||||
device prior to initial seeding.
|
||||
On is
|
||||
.Em unsafe ,
|
||||
but provides availability on many systems that lack early sources
|
||||
of entropy, or cannot load
|
||||
.Pa /boot/entropy
|
||||
sufficiently early in boot for
|
||||
.Nm
|
||||
consumers.
|
||||
When unset (0), the system will block
|
||||
.Xr read_random 9
|
||||
and
|
||||
.Xr arc4random 9
|
||||
requests if and until the
|
||||
.Nm
|
||||
device is initially seeded.
|
||||
.It Va kern.random.initial_seeding.disable_bypass_warnings
|
||||
Defaults to 0 (off).
|
||||
When set non-zero, disables warnings in dmesg when the
|
||||
.Nm
|
||||
device is bypassed.
|
||||
.El
|
||||
.Pp
|
||||
The following read-only
|
||||
.Xr sysctl 8
|
||||
variables allow programmatic diagnostic of whether
|
||||
.Nm
|
||||
device bypass occurred during boot.
|
||||
If they are set (non-zero), the specific functional unit bypassed the strong
|
||||
.Nm
|
||||
device output and either produced no output
|
||||
.Xr ( read_random 9 )
|
||||
or seeded itself with minimal, non-cryptographic entropy
|
||||
.Xr ( arc4random 9 ) .
|
||||
.Bl -bullet
|
||||
.It
|
||||
.Va kern.random.initial_seeding.read_random_bypassed_before_seeding
|
||||
.It
|
||||
.Va kern.random.initial_seeding.arc4random_bypassed_before_seeding
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr getrandom 2 ,
|
||||
.Xr arc4random 3 ,
|
||||
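Review bot: In the ".It Va kern.random.initial_seeding.bypass_before_seeding" entry, the text says the default (on) is unsafe but not how an administrator turns it off: the section calls these "tunables" without stating whether they are set from the loader, at runtime with sysctl(8), or both, which matters for a knob whose effect is confined to the period before initial seeding. Suggest stating the mechanism, and expanding "On is unsafe," to say what consumers receive during the bypass, since that detail only appears later in the paragraph on the read-only variables. Minor wording: "allow programmatic diagnostic of whether" reads better as "allow programmatic diagnosis of whether".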