freebsd stable - Jan 2016 - dev/random warning on 10-STABLE after r292122 up till r292855

All
 At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64
starting at or about r292122  and still up till r292855.

On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.

random device not loaded; using insecure entropy

The full dmesg can be seen here
http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871

I checked in svn and there are no recent changes to sys/dev/random .

Does anyone have any insight into this ?



-- 
mark saad | nonesuch at longcount.org

Mark,
>  At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64
> starting at or about r292122  and still up till r292855.
> random device not loaded; using insecure entropy
I noticed this message a while back and again yesterday on my i386 which
runs no modules, just a custom kernel (including "device random", of
course) and dismissed it as a probable false positive error from not
loading random.ko.

----8<----
FreeBSD 10.2-STABLE #0: Mon Jan  4 00:48:15 EST 2016
    ajc at hal10001.halplant.net:/usr/obj/usr/src/sys/HAL10001 i386
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: Genuine Intel(R) CPU           T2500  @ 2.00GHz (1995.04-MHz
686-class CPU)
  Origin="GenuineIntel"  Id=0x6e8  Family=0x6  Model=0xe  Stepping=8

Features=0xbfe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
  Features2=0xc1a9<SSE3,MON,VMX,EST,TM2,xTPR,PDCM>
  AMD Features=0x100000<NX>
  VT-x: HLT,PAUSE
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 3417825280 (3259 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <TOSHIB A003B   >
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
random device not loaded; using insecure entropy
----8<----

http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2873

-- 
-Andrew J. Caines-   Unix Systems Engineer   A.J.Caines at halplant.com
  "Machines take me by surprise with great frequency" - Alan Turing

On Mon, Jan 4, 2016 at 3:44 PM, Mark Saad <nonesuch at longcount.org>
wrote:
> All
>  At NYC*BUG we are looking into a warning seen on FreeBSD 10-STABLE amd64
> starting at or about r292122  and still up till r292855.
>
> On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.
>
> random device not loaded; using insecure entropy
>
> The full dmesg can be seen here
> http://dmesgd.nycbug.org/index.cgi?action=dmesgd&do=view&id=2871
>
> I checked in svn and there are no recent changes to sys/dev/random .
>
> Does anyone have any insight into this ?
>
It's more of an informational message about seeding the random number
generator.  Probably man 4 random is the best explanation.



-- 
Adam

On 2016-Jan-04 16:44:49 -0500, Mark Saad <nonesuch at longcount.org>
wrote:
>On boot dmesg logs the following warning not seen on 10.2-RELEASE amd64.
>
>random device not loaded; using insecure entropy
When I first noticed this, I investigated and worked out that it's
related to how the random device initialises itself and its data and
entropy sources.  In particular, it reflects the state of the random
device at that point in time, not at any later point when random data
is actually requested.

I agree that the wording of this message could unnecessarily alarm a
sysadmin and think it could be done better.  IMHO, this sort of
alamist message should only be output if there is no decent entropy
source available when the random device is unblocked.

-- 
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL:
<http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20160106/312e6c5f/attachment.sig>