Index: sys/net/rss_config.c
===================================================================
--- sys/net/rss_config.c
+++ sys/net/rss_config.c
@@ -74,7 +74,6 @@
  * - Synchronization for rss_key and other future-configurable parameters.
  * - Event handler drivers can register to pick up RSS configuration changes.
  * - Should we allow rss_basecpu to be configured?
- * - Randomize key on boot.
  * - IPv6 support.
  * - Statistics on how often there's a misalignment between hardware
  *   placement and pcbgroup expectations.
@@ -153,19 +152,8 @@
  * RSS secret key, intended to prevent attacks on load-balancing.  Its
  * effectiveness may be limited by algorithm choice and available entropy
  * during the boot.
- *
- * XXXRW: And that we don't randomize it yet!
- *
- * This is the default Microsoft RSS specification key which is also
- * the Chelsio T5 firmware default key.
  */
-static uint8_t rss_key[RSS_KEYSIZE] = {
-	0x6d, 0x5a, 0x56, 0xda, 0x25, 0x5b, 0x0e, 0xc2,
-	0x41, 0x67, 0x25, 0x3d, 0x43, 0xa3, 0x8f, 0xb0,
-	0xd0, 0xca, 0x2b, 0xcb, 0xae, 0x7b, 0x30, 0xb4,
-	0x77, 0xcb, 0x2d, 0xa3, 0x80, 0x30, 0xf2, 0x0c,
-	0x6a, 0x42, 0xb7, 0x3b, 0xbe, 0xac, 0x01, 0xfa,
-};
+uint8_t rss_key[RSS_KEYSIZE];
 
 /*
  * RSS hash->CPU table, which maps hashed packet headers to particular CPUs.
@@ -258,11 +246,9 @@
 	}
 
 	/*
-	 * Randomize rrs_key.
-	 *
-	 * XXXRW: Not yet.  If nothing else, will require an rss_isbadkey()
-	 * loop to check for "bad" RSS keys.
+	 * Randomize rss_key.
 	 */
+	arc4random_buf(rss_key, RSS_KEYSIZE);
 }
 SYSINIT(rss_init, SI_SUB_SOFTINTR, SI_ORDER_SECOND, rss_init, NULL);