freebsd-skq/etc
Mark Murray 10cb24248a This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random.
This code has had an extensive rewrite and a good series of reviews, both by the author and other parties. This means a lot of code has been simplified. Pluggable structures for high-rate entropy generators are available, and it is most definitely not the case that /dev/random can be driven by only a hardware source any more. This has been designed out of the device. Hardware sources are stirred into the CSPRNG (Yarrow, Fortuna) like any other entropy source. Pluggable modules may be written by third parties for additional sources.

The harvesting structures and consequently the locking have been simplified. Entropy harvesting is done in a more general way (the documentation for this will follow). There is some GREAT entropy to be had in the UMA allocator, but it is disabled for now as messing with that is likely to annoy many people.

The venerable (but effective) Yarrow algorithm, which is no longer supported by its authors, now has an alternative, Fortuna. For now, Yarrow is retained as the default algorithm, but this may be changed using a kernel option. It is intended to make Fortuna the default algorithm for 11.0. Interested parties are encouraged to read ISBN 978-0-470-47424-2 "Cryptography Engineering" by Ferguson, Schneier and Kohno for Fortuna's gory details. Heck, read it anyway.

Many thanks to Arthur Mesh who did early grunt work, and who got caught in the crossfire rather more than he deserved to.

My thanks also to folks who helped me thresh this out on whiteboards and in the odd "Hallway track", or otherwise.

My Nomex pants are on. Let the feedback commence!

Reviewed by:	trasz,des(partial),imp(partial?),rwatson(partial?)
Approved by:	so(des)
2014-10-30 21:21:53 +00:00
..
autofs Bring in the new automounter, similar to what's provided in most other 2014-08-17 09:44:42 +00:00
bluetooth
casper Please welcome casperd daemon. It (and its services) will be responsible for 2013-12-02 08:21:28 +00:00
defaults This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random. 2014-10-30 21:21:53 +00:00
devd HYPERV isn't available on all architectures, but just on by default 2014-10-16 00:33:06 +00:00
dma Install a default configuration file for dma 2014-02-21 21:02:19 +00:00
etc.amd64 Convert the potential console port over to using 3wire, for i386/amd64. 2014-06-17 18:51:03 +00:00
etc.arm Change the terminal type/class for enabled serial lines to 3wire. This 2014-03-09 21:06:22 +00:00
etc.i386 Convert the potential console port over to using 3wire, for i386/amd64. 2014-06-17 18:51:03 +00:00
etc.mips Change the terminal type/class for enabled serial lines to 3wire. This 2014-03-09 21:06:22 +00:00
etc.pc98
etc.powerpc Change the terminal type/class for enabled serial lines to 3wire. This 2014-03-09 21:06:22 +00:00
etc.sparc64 Change the terminal type/class for enabled serial lines to 3wire. This 2014-03-09 21:06:22 +00:00
gss
mail Fix incremental builds involving non-root users with read-only source files. 2014-09-18 14:41:57 +00:00
mtree Add missing /usr/lib/debug directories 2014-10-28 14:48:52 +00:00
pam.d Fix xref, pam(8) -> pam(3) 2014-08-26 22:39:24 +00:00
periodic Don't cross mount boundaries when cleaning tmp files. 2014-09-09 17:03:58 +00:00
pkg Give hint on how to disable the default repository. 2014-03-30 15:24:17 +00:00
ppp
rc.d This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random. 2014-10-30 21:21:53 +00:00
root
sendmail Minor changes to force commit these files so new freebsd*.cf files are 2014-05-22 04:43:40 +00:00
tests Add placeholder Kyuafiles for various top-level hierarchies. 2014-04-21 21:39:25 +00:00
amd.map
apmd.conf
auto_master Add "nobrowse" option. Previously automountd(8) always behaved as if 2014-08-23 12:00:45 +00:00
crontab
csh.cshrc
csh.login
csh.logout
ddb.conf
devd.conf move devd rules for zfs events into a separate file and fix stale event types 2014-02-14 15:31:48 +00:00
devfs.conf
dhclient.conf
disktab
fbtab
freebsd-update.conf Remove remnants of BIND from /etc, since there is no BIND in base now. 2013-11-05 09:30:06 +00:00
ftpusers Remove most of the ATF tools and the _atf user. 2013-10-12 06:06:53 +00:00
gettytab Add 3wire and std as terminal types/classes. These are similar to 2014-03-09 20:51:14 +00:00
group Remove most of the ATF tools and the _atf user. 2013-10-12 06:06:53 +00:00
hosts
hosts.allow Disable libwrap (TCP wrappers) support in rpcbind by default, introducing 2014-03-06 17:33:27 +00:00
hosts.equiv
hosts.lpd
inetd.conf Remove CVS from the base system. 2013-06-15 20:29:07 +00:00
libalias.conf
libmap32.conf Remove unneeded mappings from libmap32.conf. Move it up one level and 2013-09-09 06:02:30 +00:00
libmap.conf Include /usr/local/etc/libmap.d/ by default. 2013-08-01 05:50:42 +00:00
login.access
login.conf Add a resource limit for the total number of kqueues available to the 2013-10-21 16:46:12 +00:00
mac.conf
Makefile Bring in the new automounter, similar to what's provided in most other 2014-08-17 09:44:42 +00:00
man.alias
master.passwd Remove most of the ATF tools and the _atf user. 2013-10-12 06:06:53 +00:00
minfree
motd Revised to better point to release notes and errata, security advisories, 2014-09-25 21:57:35 +00:00
netconfig
netstart Start rtsold if necessary. 2013-10-22 06:53:01 +00:00
network.subr - Add $netif_ipexpand_max to specify the upper limit for the number of 2014-09-11 12:30:29 +00:00
networks
newsyslog.conf - Include /etc/newsyslog.conf.d/* and /usr/local/etc/newsyslog.conf.d/* by 2014-05-20 03:00:20 +00:00
nls.alias
nscd.conf
nsmb.conf Remove IPX support. 2014-03-14 02:58:48 +00:00
nsswitch.conf
ntp.conf Tighten default restrictions for ntpd(8) server and provide a link 2013-12-27 23:06:15 +00:00
opieaccess
pccard_ether
pf.os Add DragonFly BSD fingerprints to pf.os 2013-12-03 04:32:02 +00:00
phones
portsnap.conf Now that the portsnap buildbox is generating the raw bits for INDEX-10, 2013-09-26 10:33:15 +00:00
printcap
profile
protocols
rc The rc system aggressively caches the contents of /etc/rc.conf in order to 2013-12-03 21:55:57 +00:00
rc.bsdextended
rc.firewall Fix a typo. 2014-10-20 04:14:35 +00:00
rc.initdiskless
rc.resume wpa_supplicant should be able to reassociate when resuming, so remove a 2013-07-04 07:32:40 +00:00
rc.sendmail
rc.shutdown
rc.subr Add env and prepend to _rc_namevarlist. 2014-10-12 02:42:36 +00:00
rc.suspend
regdomain.xml
remote
rpc
services Add Veritas NetBackup 2013-12-03 04:03:19 +00:00
shells
snmpd.config Adds the bsnmp module to export the temperature data from lm75 sensors on 2014-06-01 03:14:03 +00:00
sysctl.conf
syslog.conf sbin/devd/devd.cc 2013-12-13 22:58:57 +00:00
termcap.small