Index: sys/dev/random/darn.c
===================================================================
--- sys/dev/random/darn.c
+++ sys/dev/random/darn.c
@@ -137,6 +137,12 @@
 return (error);
 }
 
-DEV_MODULE(darn, darn_modevent, NULL);
+static moduledata_t darn_mod = {
+ "darn",
+ darn_modevent,
+ 0
+};
+
+DECLARE_MODULE(darn, darn_mod, SI_SUB_RANDOM, SI_ORDER_FOURTH);
 MODULE_VERSION(darn, 1);
-MODULE_DEPEND(darn, random_device, 1, 1, 1);
+MODULE_DEPEND(darn, random_harvestq, 1, 1, 1);
Index: sys/dev/random/ivy.c
===================================================================
--- sys/dev/random/ivy.c
+++ sys/dev/random/ivy.c
@@ -127,6 +127,12 @@
 return (error);
 }
 
-DEV_MODULE(rdrand, rdrand_modevent, NULL);
+static moduledata_t rdrand_mod = {
+ "rdrand",
+ rdrand_modevent,
+ 0
+};
+
+DECLARE_MODULE(rdrand, rdrand_mod, SI_SUB_RANDOM, SI_ORDER_FOURTH);
 MODULE_VERSION(rdrand, 1);
-MODULE_DEPEND(rdrand, random_device, 1, 1, 1);
+MODULE_DEPEND(rdrand, random_harvestq, 1, 1, 1);
Index: sys/dev/random/nehemiah.c
===================================================================
--- sys/dev/random/nehemiah.c
+++ sys/dev/random/nehemiah.c
@@ -146,6 +146,12 @@
 return (error);
 }
 
-DEV_MODULE(nehemiah, nehemiah_modevent, NULL);
+static moduledata_t nehemiah_mod = {
+ "nehemiah",
+ nehemiah_modevent,
+ 0
+};
+
+DECLARE_MODULE(nehemiah, nehemiah_mod, SI_SUB_RANDOM, SI_ORDER_FOURTH);
 MODULE_VERSION(nehemiah, 1);
-MODULE_DEPEND(nehemiah, random_device, 1, 1, 1);
+MODULE_DEPEND(nehemiah, random_harvestq, 1, 1, 1);
Index: sys/dev/random/random_harvestq.c
===================================================================
--- sys/dev/random/random_harvestq.c
+++ sys/dev/random/random_harvestq.c
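Review bot: Nothing at the `DECLARE_MODULE(darn, darn_mod, SI_SUB_RANDOM, SI_ORDER_FOURTH)` line in sys/dev/random/darn.c records why the source must initialise in that slot, yet the random_harvestq.c hunk in this same diff moves `random_harvestq_prime` to `SI_ORDER_MIDDLE` and polls the registered fast sources there. If a later change reorders either side, early seeding would presumably find an empty source list and only print a warning, so I would add a comment above the declaration such as `/* Must run before random_harvestq_prime (SI_SUB_RANDOM, SI_ORDER_MIDDLE) so early seeding can poll this source. */`. The third `moduledata_t` initializer is a pointer (the removed `DEV_MODULE` line passed `NULL` in that position), so `NULL` reads better than `0`. Both points apply equally to `rdrand_mod` in ivy.c and `nehemiah_mod` in nehemiah.c.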
@@ -396,6 +396,26 @@
 }
 SYSINIT(random_device_h_init, SI_SUB_RANDOM, SI_ORDER_SECOND, random_harvestq_init, NULL);
 
+/*
+ * Returns 0, unless RANDOM_LOADABLE is defined and there is no algorithm
+ * context registered.
+ */
+static int
+harvest_pre_read(void)
+{
+#if defined(RANDOM_LOADABLE)
+ RANDOM_CONFIG_S_LOCK();
+ if (p_random_alg_context)
+#endif
+ p_random_alg_context->ra_pre_read();
+#if defined(RANDOM_LOADABLE)
+ else
+ return (ENXIO);
+ RANDOM_CONFIG_S_UNLOCK();
+#endif
+ return (0);
+}
+
 /*
 * This is used to prime the RNG by grabbing any early random stuff
 * known to the kernel, and inserting it directly into the hashing
@@ -408,6 +428,7 @@
 struct harvest_event event;
 size_t count, size, i;
 uint8_t *keyfile, *data;
+ int error;
 
 /*
 * Get entropy that may have been preloaded by loader(8)
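Review bot: In the new `harvest_pre_read()` (the @@ -396 hunk) the RANDOM_LOADABLE `else` branch returns `ENXIO` before `RANDOM_CONFIG_S_UNLOCK()` is reached, so the config lock taken at the top of the function stays held on the no-algorithm path. `random_harvestq_prime` treats that return as a soft failure and lets boot continue, so the next acquirer of the lock may block or trip a lock assertion (inferred, since the lock's definition is outside the hunk). Release the lock before returning, for example `else { RANDOM_CONFIG_S_UNLOCK(); return (ENXIO); }`, or record the error and fall through to a single unlock. The header comment should also state that the function takes and drops the config lock itself when RANDOM_LOADABLE is defined, since the interleaved `#if`/`if`/`else` makes that pairing hard to audit.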
@@ -442,8 +463,53 @@
 if (bootverbose)
 printf("random: no preloaded entropy cache\n");
 }
+
+ /*
+ * Pre-read step will transition a device from unseeded to seeded, if
+ * sufficient entropy was available.
+ */
+ error = harvest_pre_read();
+ if (error != 0)
+ goto loadable_alg_absent;
+
+ /*
+ * Finally, if no or insufficient early entropy was available to seed
+ * us, attempt to poll fast random sources until we're seeded.
+ *
+ * If none are available, produce a warning and proceed.
+ */
+ if (!is_random_seeded()) {
+ struct random_sources *rs;
+ unsigned count;
+
+ count = 0;
+ LIST_FOREACH(rs, &source_list, rrs_entries)
+ count++;
+
+ if (count == 0) {
+ printf("%s: WARNING no early entropy available and no "
+ "fast random sources available; random will not be"
+ " available during early boot.\n", __func__);
+ return;
+ }
+
+ do {
+ random_sources_feed();
+ error = harvest_pre_read();
+ if (error != 0)
+ goto loadable_alg_absent;
+ } while (!is_random_seeded());
+
+ /* Seeded! */
+ return;
+ }
+
+loadable_alg_absent:
+ printf("%s: WARNING no early entropy available AND RANDOM_LOADABLE "
+ "is configured, but no random algorithm modules are loaded. "
+ "random will not be available during early boot.\n", __func__);
 }
-SYSINIT(random_device_prime, SI_SUB_RANDOM, SI_ORDER_FOURTH, random_harvestq_prime, NULL);
+SYSINIT(random_device_prime, SI_SUB_RANDOM, SI_ORDER_MIDDLE, random_harvestq_prime, NULL);
 
 /* ARGSUSED */
 static void
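Review bot: When the first `harvest_pre_read()` succeeds and `is_random_seeded()` is already true, control skips the `if (!is_random_seeded())` block and falls straight into the `loadable_alg_absent:` label, so the "no random algorithm modules are loaded" warning is printed on the normally seeded path; a `return;` is needed immediately before the label. Separately, the `do { ... } while (!is_random_seeded());` loop has no bound: `count != 0` only shows that a source is registered, not that it delivers entropy, so a fast source that keeps failing would stall boot here. I would cap the number of polls and, once the cap is hit, print a warning and return as the `count == 0` branch does. The block-local `unsigned count` also shadows the function's `size_t count`; a distinct name such as `nsources` avoids that. The body of `random_harvestq_prime` begins outside this hunk.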
@@ -553,4 +619,60 @@
 hc_source_mask &= ~(1 << source);
 }
 
+void
+random_source_register(struct random_source *rsource)
+{
+ struct random_sources *rrs;
+
+ KASSERT(rsource != NULL, ("invalid input to %s", __func__));
+
+ rrs = malloc(sizeof(*rrs), M_ENTROPY, M_WAITOK);
+ rrs->rrs_source = rsource;
+
+ random_harvest_register_source(rsource->rs_source);
+
+ printf("random: registering fast source %s\n", rsource->rs_ident);
+ LIST_INSERT_HEAD(&source_list, rrs, rrs_entries);
+}
+
+void
+random_source_deregister(struct random_source *rsource)
+{
+ struct random_sources *rrs = NULL;
+
+ KASSERT(rsource != NULL, ("invalid input to %s", __func__));
+
+ random_harvest_deregister_source(rsource->rs_source);
+
+ LIST_FOREACH(rrs, &source_list, rrs_entries)
+ if (rrs->rrs_source == rsource) {
+ LIST_REMOVE(rrs, rrs_entries);
+ break;
+ }
+ if (rrs != NULL)
+ free(rrs, M_ENTROPY);
+}
+
+static int
+random_source_handler(SYSCTL_HANDLER_ARGS)
+{
+ struct random_sources *rrs;
+ struct sbuf sbuf;
+ int error, count;
+
+ sbuf_new_for_sysctl(&sbuf, NULL, 64, req);
+ count = 0;
+ LIST_FOREACH(rrs, &source_list, rrs_entries) {
+ sbuf_cat(&sbuf, (count++ ? ",'" : "'"));
+ sbuf_cat(&sbuf, rrs->rrs_source->rs_ident);
+ sbuf_cat(&sbuf, "'");
+ }
+ error = sbuf_finish(&sbuf);
+ sbuf_delete(&sbuf);
+ return (error);
+}
+SYSCTL_PROC(_kern_random, OID_AUTO, random_sources, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ NULL, 0, random_source_handler, "A",
+ "List of active fast entropy sources.");
+
 MODULE_VERSION(random_harvestq, 1);
Index: sys/dev/random/randomdev.c
===================================================================
--- sys/dev/random/randomdev.c
+++ sys/dev/random/randomdev.c
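Review bot: `random_source_register`, `random_source_deregister` and `random_source_handler` all walk or modify `source_list` with no lock visible in this hunk, while the sysctl is flagged `CTLFLAG_MPSAFE`. Unless callers serialise this elsewhere, a read of `kern.random.random_sources` can race a module unload that does `LIST_REMOVE` and `free(rrs, M_ENTROPY)` on the entry whose `rs_ident` is being dereferenced. The functions are moved unchanged from randomdev.c, but this diff adds another reader of the list in `random_harvestq_prime`, so the locking rule should at least be written down next to the moved code. I would add something like `/* source_list is not locked: callers must serialise registration, deregistration and the sysctl walk. */` above `random_source_register`, or protect the list with a lock.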
@@ -380,62 +380,6 @@
 return (error);
 }
 
-void
-random_source_register(struct random_source *rsource)
-{
- struct random_sources *rrs;
-
- KASSERT(rsource != NULL, ("invalid input to %s", __func__));
-
- rrs = malloc(sizeof(*rrs), M_ENTROPY, M_WAITOK);
- rrs->rrs_source = rsource;
-
- random_harvest_register_source(rsource->rs_source);
-
- printf("random: registering fast source %s\n", rsource->rs_ident);
- LIST_INSERT_HEAD(&source_list, rrs, rrs_entries);
-}
-
-void
-random_source_deregister(struct random_source *rsource)
-{
- struct random_sources *rrs = NULL;
-
- KASSERT(rsource != NULL, ("invalid input to %s", __func__));
-
- random_harvest_deregister_source(rsource->rs_source);
-
- LIST_FOREACH(rrs, &source_list, rrs_entries)
- if (rrs->rrs_source == rsource) {
- LIST_REMOVE(rrs, rrs_entries);
- break;
- }
- if (rrs != NULL)
- free(rrs, M_ENTROPY);
-}
-
-static int
-random_source_handler(SYSCTL_HANDLER_ARGS)
-{
- struct random_sources *rrs;
- struct sbuf sbuf;
- int error, count;
-
- sbuf_new_for_sysctl(&sbuf, NULL, 64, req);
- count = 0;
- LIST_FOREACH(rrs, &source_list, rrs_entries) {
- sbuf_cat(&sbuf, (count++ ? ",'" : "'"));
- sbuf_cat(&sbuf, rrs->rrs_source->rs_ident);
- sbuf_cat(&sbuf, "'");
- }
- error = sbuf_finish(&sbuf);
- sbuf_delete(&sbuf);
- return (error);
-}
-SYSCTL_PROC(_kern_random, OID_AUTO, random_sources, CTLTYPE_STRING | CTLFLAG_RD | CTLFLAG_MPSAFE,
- NULL, 0, random_source_handler, "A",
- "List of active fast entropy sources.");
-
 /* ARGSUSED */
 static int
 randomdev_modevent(module_t mod __unused, int type, void *data __unused)