History log of /src/sbin/rndctl/rndctl.8
Revision  Date  Author  Comments
 1.31  02-Oct-2025  riastradh rndctl(8): Nix trailing whitespace in man page.

No functional change intended.
 1.30  25-Jun-2025  gutteridge rndctl.8: add more detail about the -l and -v options
 1.29  06-Apr-2021  riastradh branches: 1.29.8;
Clarify wording further based on private feedback.
 1.28  06-Apr-2021  riastradh Clarify security model of rndctl -S files.
 1.27  02-Apr-2021  nia rndctl.8: reflect current reality
 1.26  07-May-2020  riastradh Touch up rndctl(8) a bit.
 1.25  07-May-2020  wiz Add -i to SYNOPSIS.
 1.24  06-May-2020  riastradh Tweak logic to decide whether a medium is safe for an rndseed.

- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.

- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.

- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)

Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
 1.23  06-Dec-2019  riastradh Teach `rndctl -L' to update the seed file, not just delete it.

The seed file is updated by entering the old seed into the system and
then hashing the old seed together with data from /dev/urandom, and
writing it atomically with write-to-temporary/rename-to-permanent.

This way, interruption by crash or power loss does not obliterate
your persistent entropy (unless it causes file system corruption).
 1.22  10-Aug-2014  wiz branches: 1.22.24; 1.22.26;
Sort options and mark them as optional.
Bump date for previous.
 1.21  10-Aug-2014  tls Merge tls-earlyentropy branch into HEAD.
 1.20  23-Nov-2011  wiz branches: 1.20.6; 1.20.16;
Sort option descriptions, bump date for previous.
 1.19  23-Nov-2011  tls Load entropy at system boot (only works at securelevel < 1); save
at system shutdown. Disable with random_seed=NO in rc.conf if desired.

Goes to some trouble to never load or save to network filesystems.

Entropy should really be loaded by the boot loader but I am still
sorting out how to pass it to the kernel.
 1.18  01-Oct-2011  pgoyette branches: 1.18.2;
Fix typo
 1.17  04-Jan-2009  apb Add a list of device types for use with "rndctl -t ${typename}".
 1.16  06-Nov-2008  apb Adjust synopsis and description to make it clear that -d devname and
-t devtype are mutually exclusive.
 1.15  25-Feb-2003  wiz branches: 1.15.16; 1.15.32; 1.15.40;
.Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
 1.14  03-Oct-2002  wiz New sentence, new line. From Robert Elz.
 1.13  01-Oct-2002  wiz Sort options. Fix grammar. Use more mdoc.
 1.12  08-Feb-2002  ross Generate <>& symbolically. I'm avoiding .../dist/... directories for now.
 1.11  16-Nov-2001  wiz Sort sections, use standard headers, sort SEE ALSO.
 1.10  16-Nov-2001  wiz Whitespace nits
 1.9  05-Jun-2001  wiz Drop arguments of .Os.
 1.8  05-Oct-2000  enami Don't explain -s twice.
 1.7  28-Aug-2000  joda document -s
 1.6  20-Jun-2000  sommerfeld branches: 1.6.2;
revised rndctl which can display pool statistics.
 1.5  10-Mar-1999  erh branches: 1.5.8;
Add missing .El line.
 1.4  22-May-1998  msaitoh sort entries and delete extra periods in SEE also section.
 1.3  04-Nov-1997  explorer Update copyright message (I wrote this, not the template of the day)
 1.2  20-Oct-1997  enami branches: 1.2.2;
Fix .Nm usage.
 1.1  13-Oct-1997  explorer Add rndctl(8) and man page
 1.2.2.1  04-Nov-1997  mellon Pull rev 1.3 up from trunk (explorer)
 1.5.8.1  22-Jun-2000  minoura Sync w/ netbsd-1-5-base.
 1.6.2.2  20-Jun-2000  sommerfeld revised rndctl which can display pool statistics.
 1.6.2.1  20-Jun-2000  sommerfeld file rndctl.8 was added on branch netbsd-1-5 on 2000-06-20 02:40:11 +0000
 1.15.40.2  08-Jan-2009  snj Pull up following revision(s) (requested by apb in ticket #231):
sbin/rndctl/rndctl.8: revision 1.17
Add a list of device types for use with "rndctl -t ${typename}".
 1.15.40.1  08-Jan-2009  snj Pull up following revision(s) (requested by apb in ticket #231):
sbin/rndctl/rndctl.8: revision 1.16
Adjust synopsis and description to make it clear that -d devname and
-t devtype are mutually exclusive.
 1.15.32.1  17-Jan-2009  mjf Sync with HEAD.
 1.15.16.1  11-Feb-2009  ober Pull up following revision(s) (requested by dholland in ticket #1274):
sbin/rndctl/rndctl.8: revision 1.16
Adjust synopsis and description to make it clear that -d devname and
-t devtype are mutually exclusive.
 1.18.2.1  17-Apr-2012  yamt sync with head
 1.20.16.1  07-Apr-2014  tls Update rndctl(8) to add the -v option, which gives us more robust information
on entropy collection and estimation.
 1.20.6.1  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.22.26.1  17-Dec-2019  martin Pull up following revision(s) (requested by riastradh in ticket #563):

sbin/rndctl/rndctl.c: revision 1.31
sbin/rndctl/rndctl.8: revision 1.23
sbin/rndctl/Makefile: revision 1.4 (adapted)
sbin/rndctl/namespace.h: revision 1.1

Teach `rndctl -L' to update the seed file, not just delete it.

The seed file is updated by entering the old seed into the system and
then hashing the old seed together with data from /dev/urandom, and
writing it atomically with write-to-temporary/rename-to-permanent.

This way, interruption by crash or power loss does not obliterate
your persistent entropy (unless it causes file system corruption).
 1.22.24.1  08-Apr-2020  martin Merge changes from current as of 20200406
 1.29.8.1  02-Aug-2025  perseant Sync with HEAD
