stand/defaults/loader.conf
hostuuid_load="YES" | hostuuid_load="YES" | ||||
hostuuid_name="/etc/hostid" | hostuuid_name="/etc/hostid" | ||||
hostuuid_type="hostuuid" | hostuuid_type="hostuuid" | ||||
### Random number generator configuration ################## | ### Random number generator configuration ################## | ||||
# See rc.conf(5). The entropy_boot_file config variable must agree with the | # See rc.conf(5). The entropy_boot_file config variable must agree with the | ||||
# settings below. | # settings below. | ||||
entropy_cache_load="YES" # Set this to NO to disable loading | entropy_cache_load="YES" # Set this to NO to disable loading | ||||
# entropy at boot time | # cached entropy at boot time | ||||
entropy_cache_name="/boot/entropy" # Set this to the name of the file | entropy_cache_name="/boot/entropy" # Set this to the name of the file | ||||
entropy_cache_type="boot_entropy_cache" # Required for the kernel to find | entropy_cache_type="boot_entropy_cache" # Required for the kernel to find | ||||
# the boot-time entropy cache. This | # the boot-time entropy cache. This | ||||
# must not change value even if the | # must not change value even if the | ||||
# _name above does change! | # _name above does change! | ||||
entropy_efi_seed="YES" # Set this to NO to disable loading | |||||
cperciva: The syntax "disable X instead of doing Y" seems confusing to me.
Also, why would we not want to just read both sources of entropy by default?
val_packett.cool: Because `random_harvestq_prime` currently looks for just one loaded file and I don't really want to modify that code.
cem: I don't think this should be enabled by default if it replaces the other, more trustworthy source. Early seeding is sensitive and nothing I've seen about EFI or BIOSes suggests that we should trust some implementation of the EFI RNG protocol as entropy.
bcran: I took a look at the EDK2 implementation, and for x86 it uses RDRAND, while for aarch64 it uses the machine-specific functionality, such as the TRNG on Marvell Armada devices.
delphij: Stored entropy cache has to be used if entropy_cache_load="YES" and when they are available. Please amend random_harvestq_prime to support it.
cperciva: I agree with cem and delphij -- EFI implementations do not have enough of a reputation for correctness that I would want to trust our security to their ability to implement an RNG. It would not be the first time that a RNG produced non-random numbers.
val_packett.cool: Linux now unconditionally uses this interface on x86 (been using it on arm64 for a while): They seem to have a build-time flag CONFIG_RANDOM_TRUST_BOOTLOADER that decides whether to *count* this towards their entropy count (but it's *used* either way).
markm: > I agree with cem and delphij -- EFI implementations do not have enough of a reputation for…
Agreed, but this "just" means we shouldn't rely on EFI entropy alone. It's OK to use it *in addition*.
# entropy from the UEFI hardware random number generator API | |||||
cperciva: Is there a reason why we can't just fix this and support multiple entropy files?
markm: No reason, in my opinion. Just A Small Matter of Coding™.
val_packett.cool: Oh, actually it is small. I thought it was hard at first, but looking more closely, there's 2 possible solutions:
I think I'll go with the second one, as it is more semantically correct in some ways.
### RAM Blacklist configuration ############################ | ### RAM Blacklist configuration ############################ | ||||
ram_blacklist_load="NO" # Set this to YES to load a file | ram_blacklist_load="NO" # Set this to YES to load a file | ||||
# containing a list of addresses to | # containing a list of addresses to | ||||
# exclude from the running system. | # exclude from the running system. | ||||
ram_blacklist_name="/boot/blacklist.txt" # Set this to the name of the file | ram_blacklist_name="/boot/blacklist.txt" # Set this to the name of the file | ||||
ram_blacklist_type="ram_blacklist" # Required for the kernel to find | ram_blacklist_type="ram_blacklist" # Required for the kernel to find | ||||
# the blacklist module | # the blacklist module | ||||
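Review bot: the new knob is introduced with `entropy_efi_seed="YES"` as its default, yet the inline discussion on this hunk (val_packett.cool, delphij) says `random_harvestq_prime` consumes only one loaded file, so with the defaults above (`entropy_cache_load="YES"` plus `entropy_efi_seed="YES"`) it is unclear whether the `/boot/entropy` cache described a few lines earlier is still consumed; either ship the new knob as `"NO"` until the loader side handles both sources, or state in the comment that the cached file is still loaded in addition to the UEFI seed. The comment text is also split awkwardly across `entropy_efi_seed="YES" # Set this to NO to disable loading` and `# entropy from the UEFI hardware random number generator API`; follow the phrasing of the entries above it (for example `# Set this to NO to disable seeding` / `# from the UEFI RNG API in addition to the cached file`), and say in the rc.conf(5) header comment whether `entropy_boot_file` has to agree with this setting as well as with the `entropy_cache_*` ones.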