[talk] FreeBSD 10.2-stable "random device not loaded"
John Baldwin
jhb at freebsd.org
Fri Dec 18 12:44:50 EST 2015
On Wednesday, December 16, 2015 11:41:52 PM George Rosamond wrote:
> Pete Wright:
> >
> >
> > On 12/16/15 16:10, Pete Wright wrote:
> >>
> >>
> >> On 12/16/15 15:42, John Baldwin wrote:
> >>> On Friday, December 11, 2015 06:10:52 PM George Rosamond wrote:
> >>>> Just updated a box to #r292122 with GENERIC, found this wildly
> >>>> confidence-building note in the dmesg:
> >>>>
> >>>> random device not loaded; using insecure entropy
> >>>>
> >>>> Two lines later in the dmesg it does say:
> >>>>
> >>>> random: <Software, Yarrow> initialized
> >>>>
> >>>> I don't see anything online recently about this... except for one
> >>>> unanswered post on freebsd-questions@ in late October.
> >>>>
> >>>> Thought I'd post here before I dug further...
> >>>
> >>> Humm, any luck on more info? I haven't seen that on HEAD, and GENERIC
> >>> on stable/10 includes device random so that seems odd.
> >>>
> >>
> >>
> >> i am *not* seeing this on one of my KVM instances here running HEAD r292065:
> >>
> >> pwright at bsd-current:/usr/src % dmesg|grep -i random
> >> random: unblocking device.
> >> random: entropy device external interface
> >> random: registering fast source Intel Secure Key RNG
> >> random: fast provider: "Intel Secure Key RNG"
> >>
> >>
> >> this is a sandy bridge (E3xxx) Intel CPU on the hypervisor fwiw.
> >
> > strike that - freebsd detects this as a E312xx but the hypervisor is a
> > E5-2697 v2 which is also a sandy bridge, but a different rev than the E3xxxx
>
> Thanks Pete and John.
>
> Again, here's the relevant part of the dmesg:
>
> random device not loaded; using insecure entropy
> ioapic0 <Version 2.0> irqs 0-23 on motherboard
> random: <Software, Yarrow> initialized
>
> Someone hit me offlist on this, and apparently it's Supermicro
> motherboard-related. Yes, vague, but I need to do more searching after
> that.
Hmm, that seems like a bit of an order of operations thing where something is
asking for random bits before device random is initialized. I'm not sure what
would be asking for it that early though.
--
John Baldwin
More information about the talk
mailing list