Home | History | Annotate | Download | only in pci
History log of /src/sys/dev/pci/ubsec.c
RevisionDateAuthorComments
 1.65  23-Feb-2024  andvar s/opetions/options/ in hw.ubsec node description.
 1.64  04-Aug-2023  riastradh entropy(9): Simplify stages. Split interrupt vs non-interrupt paths.

- Nix the entropy stage (cold, warm, hot). Just use the usual kernel
`cold' (cold: single-core, single-thread; interrupts may happen),
and don't make any three-way distinction about whether interrupts
or threads or other CPUs can be running.

Instead, while cold, use splhigh/splx or forbid paths to come from
interrupt context, and while warm, use mutex or the per-CPU hard
and soft interrupt paths for low latency. This comes at a small
cost to some interrupt latency, since we may stir the pool in
interrupt context -- but only for a very short window early at boot
between configure and configure2, so it's hard to imagine it
matters much.

- Allow rnd_add_uint32 to run in hard interrupt context or with spin
locks held, but defer processing to softint and drop samples on the
floor if buffer is full. This is mainly used for cheaply tossing
samples from drivers for non-HWRNG devices into the entropy pool,
so it is often used from interrupt context and/or under spin locks.

- New rnd_add_data_intr provides the interrupt-like data entry path
for arbitrary buffers and driver-specified entropy estimates: defer
processing to softint and drop samples on the floor if buffer is
full.

- Document that rnd_add_data is forbidden under spin locks outside
interrupt context (will crash in LOCKDEBUG), and inadvisable in
interrupt context (but technically permitted just in case there are
compatibility issues for now); later we can forbid it altogether in
interrupt context or under spin locks.

- Audit all uses of rnd_add_data to use rnd_add_data_intr where it
might be used in interrupt context or under a spin lock.

This fixes a regression from last year when the global entropy lock
was changed from IPL_VM (spin) to IPL_SOFTSERIAL (adaptive). Thought
I'd caught all the problems from that, but another one bit three
different people this week, presumably because of recent changes that
led to more non-HWRNG drivers entering the entropy consolidation
path from rnd_add_uint32.

In my attempt to preserve the rnd(9) API for the (now long-since
abandoned) prospect of pullup to netbsd-9 in my rewrite of the
entropy subsystem in 2020, I didn't introduce a separate entry point
for entering entropy from interrupt context or equivalent, i.e., spin
locks held, and instead made rnd_add_data rely on cpu_intr_p() to
decide whether to process the whole sample under a lock or only take
as much as there's buffer space for before scheduling a softint. In
retrospect, that was a mistake (though perhaps not as much of a
mistake as other entropy API decisions...), a mistake which is
finally getting rectified now by rnd_add_data_intr.

XXX pullup-10
 1.63  06-May-2023  andvar s/Regiser/Register/ and s/regester/register/ in comments.
 1.62  27-Aug-2022  skrll branches: 1.62.4;
Correct the abbreviation of approximately to 'approx.'
 1.61  27-Aug-2022  skrll Trailing whitespace
 1.60  23-May-2022  rin Audit unload/unmap v.s. free against DMA buffer for sys/dev/pci;
make sure that bus_dmamap_unload(9) [or bus_dmamap_destroy(9)] or
bus_dmamem_unmap(9) are preceding to freeing DMA buffer, if it is
loaded or mapped, respectively.

This is mandatory for some archs. See, e.g.:

http://www.nerv.org/netbsd/?q=id:20210511T013030Z.013443cc790088147e4beed43f53dedabeaf9312
http://www.nerv.org/netbsd/?q=id:20220511T172220Z.561179f0b6fcc5b9cd73e274f69d74e2ce9e4c93

XXX XXX XXX
Compile test only (for amd64/ALL).

Thanks riastradh@ for double check.
 1.59  22-May-2022  riastradh opencrypto: Make freesession callback return void.

No functional change intended: all drivers already return zero
unconditionally.
 1.58  22-May-2022  riastradh ubsec(4): Prune dead branches. Assert session id validity.
 1.57  22-May-2022  riastradh ubsec(4): Tidy up error branches of ubsec_process.

Make sure to return zero, not error, when we've already done
crypto_done and set crp_etype.
 1.56  22-May-2022  riastradh ubsec(4): Assert crp_sid is valid.

If opencrypto passes a bad sid in, that's a bug in opencrypto that
needs to be fixed, not a user-triggered invalid input that we need to
fail gracefully on.
 1.55  22-May-2022  riastradh ubsec(4): ubsec_kprocess always returns zero. Prune dead branches.
 1.54  22-May-2022  riastradh ubsec(4): Fix error branch: call crypto_kdone, don't return error.
 1.53  18-May-2022  riastradh ubsec(4): Nix dead code.

No functional change intended.
 1.52  14-Jun-2020  riastradh ubsec(4): Don't use prev msg's last block as IV for next msg in CBC.

This violates the security contract of the CBC construction, which
requires that the IV be unpredictable in advance; an adaptive adversary
can exploit this to verify plaintext guesses.

XXX Compile-tested only.
 1.51  25-May-2020  thorpej unifdef everything-but-NetBSD. Gets rid of a naked cfattach decl.
 1.50  30-Apr-2020  riastradh rnd_attach_source calls the callback itself now.

No need for every driver to explicitly call it to prime the pool.

Eliminate now-unused <sys/rndpool.h>.
 1.49  30-Apr-2020  riastradh Don't attach rndsource until it's actually ready to run.
 1.48  16-Mar-2020  pgoyette Use the module subsystem's ability to process SYSCTL_SETUP() entries to
automate installation of sysctl nodes.

Note that there are still a number of device and pseudo-device modules
that create entries tied to individual device units, rather than to the
module itself. These are not changed.
 1.47  10-Nov-2019  chs in many device attach paths, allocate memory with M_WAITOK instead of M_NOWAIT
and remove code to handle failures that can no longer happen.
 1.46  22-Dec-2018  maxv Replace: M_COPY_PKTHDR -> m_copy_pkthdr. No functional change, since the
former is a macro to the latter.
 1.45  09-Dec-2018  jdolecek use pci_intr_establish_xname() everywhere
 1.44  03-Sep-2018  riastradh Rename min/max -> uimin/uimax for better honesty.

These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER! Some subsystems have

#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
 1.43  07-Jul-2016  msaitoh branches: 1.43.16; 1.43.18;
KNF. Remove extra spaces. No functional change.
 1.42  13-Apr-2015  riastradh Add header guards and necessary includes.
 1.41  10-Aug-2014  tls branches: 1.41.4;
Merge tls-earlyentropy branch into HEAD.
 1.40  19-Apr-2014  bad Add support for accelerated AES_CBC in ubsec(4) for BCM5823 and newer.
Update man-page and bump date.
Adjust OpenBSD RCS IDs to reflect roughly the version we are in sync with.
 1.39  18-Apr-2014  bad Rewrite the dmamap handling to allocate and cache the dmamaps beforehand.
Calling bus_dmamap_create/destroy is no longer possible in interrupt context.
Move the dmamaps to the end of struct ubsec_q so the rest of the struct
can be cleared with one call to memset().

As a bonus we get a 25% increase in throughput encrypting 8K blocks.
 1.38  29-Mar-2014  christos branches: 1.38.2;
make pci_intr_string and eisa_intr_string take a buffer and a length
instead of relying in local static storage.
 1.37  25-Feb-2014  pooka Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.
 1.36  03-Jan-2014  pgoyette If you're going to build this driver as a module, make sure that it
depends on opencrypto module.
 1.35  26-Dec-2013  bad Also disable MCR4INT in ubsec_detach() when appropriate.
 1.34  17-Nov-2013  bad Add support for BCM5825, and BCM5860, 5861, 5862 from OpenBSD rev 1.143:
Add support for the BCM5825 and the next-generation BCM5860, 5861,
5862 Broadcom CryptoNetX IPSec/SSL Security Processors. The 5825 is a
faster version of the already supported 5823, and the even faster 586x
series is a bit different and needed some more changes.

AES support hasn't been pulled in yet.
 1.33  17-Nov-2013  bad Create the sysctl variables on module initialization.
Create them under hw.ubsec as is hip these days.
 1.32  17-Nov-2013  bad Make ubsec(4) loadable as kmod.
 1.31  17-Nov-2013  bad Fix locking botch. Callers of ubsec_rng_locked() lock and release sc_mtx already.
 1.30  17-Nov-2013  bad Use callout_setfunc()/callout_schedule() instead of callout_reset(), it is cheaper.
 1.29  13-Jun-2013  tls branches: 1.29.2;
Convert the entropy pool framework from pseudo-callout-driven to
soft interrupt driven operation.

Add a polling mode of operation -- now we can ask hardware random number
generators to top us up just when we need it (bcm2835_rng and amdpm
converted as examples).

Fix a stall noticed with repeated reads from /dev/random while testing.
 1.28  27-Oct-2012  chs split device_t/softc for all remaining drivers.
replace "struct device *" with "device_t".
use device_xname(), device_unit(), etc.
 1.27  30-Jan-2012  drochner branches: 1.27.6;
Use pci_aprint_devinfo(9) instead of pci_devinfo+aprint_{normal,naive}
where it looks straightforward, and pci_aprint_devinfo_fancy in a few
others where drivers want to supply their own device names instead
of the pcidevs generated one. More complicated cases, where names
are composed at runtime, are left alone for now. It certainly makes
sense to simplify the drivers here rather than inventing a catch-all API.
This should serve as as example for new drivers, and also ensure
consistent output in the AB_QUIET ("boot -q") case. Also, it avoids
excessive stack usage where drivers attach child devices because the
buffer for the device name is not kept on the local stack anymore.
 1.26  19-Nov-2011  tls branches: 1.26.2;
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:

An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.

A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.

The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.

An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.

A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.

An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.

In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.

The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.

The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.

A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.

The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.

Manual pages for the new kernel interfaces are forthcoming.
 1.25  13-Nov-2010  uebayasi branches: 1.25.8;
Don't pull in the whole uvm(9) API to access only PAGE_SIZE and
some other constants. These are provided by sys/param.h now.
 1.24  26-Nov-2009  njoly branches: 1.24.4;
Cleanup interrupt establish error messages. Do not mix
aprint_error/aprint_normal/printf calls for a single line.
 1.23  12-May-2009  cegger use device_private().
"looks good" ad@
XXX for the device_t/softc split, please check the driver that no cases have been missed.
 1.22  06-May-2009  cegger struct device * -> device_t, no functional changes intended.
 1.21  06-May-2009  cegger struct cfdata * -> cfdata_t, no functional changes intended.
 1.20  18-Apr-2009  tsutsui Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch
 1.19  18-Mar-2009  cegger bcopy -> memcpy
 1.18  18-Mar-2009  cegger bzero -> memset
 1.17  19-Dec-2008  cegger branches: 1.17.2;
use M_ZERO on malloc() and remove subsequent bzero().
 1.16  10-Apr-2008  cegger branches: 1.16.4; 1.16.12;
use aprint_*_dev and device_xname
 1.15  02-Feb-2008  tls branches: 1.15.6;
From Darran Hunt at Coyote Point: don't truncate HMAC to 96 bits unless
actually asked to.

Fixed in FreeBSD a while ago, discussed on tech-kern and tech-crypto.
 1.14  11-Dec-2007  lukem use __KERNEL_RCSID()
 1.13  09-Jul-2007  ad branches: 1.13.8; 1.13.14; 1.13.16; 1.13.18; 1.13.20;
Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
 1.12  04-Mar-2007  christos branches: 1.12.2; 1.12.4;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.11  16-Nov-2006  christos branches: 1.11.4;
__unused removal on arguments; approved by core.
 1.10  12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.9  28-Mar-2006  thorpej branches: 1.9.8; 1.9.10;
Use device_unit().
 1.8  25-Nov-2005  thorpej branches: 1.8.4; 1.8.6; 1.8.8; 1.8.10; 1.8.12;
- De-couple the software crypto implementation from the rest of the
framework. There is no need to waste the space if you are only using
algoritms provided by hardware accelerators. To get the software
implementations, add "pseudo-device swcr" to your kernel config.
- Lazily initialize the opencrypto framework when crypto drivers
(either hardware or swcr) register themselves with the framework.
 1.7  28-Jun-2005  thorpej branches: 1.7.2; 1.7.8;
Use ANSI function decls and static.
 1.6  30-May-2005  christos - const poisoning
- avoid variable shadowing.
 1.5  27-Feb-2005  perry nuke trailing whitespace
 1.4  28-Aug-2003  thorpej branches: 1.4.4; 1.4.10; 1.4.12;
* Make matching and chip info table-driven.
* Print product name and revision at attach time.
* Use aprint_*().
 1.3  27-Aug-2003  thorpej Fix some diagnotic printfs.
 1.2  21-Aug-2003  jonathan Remove #ifdef _OpenBSD__ code which sets the softc pointer `sc' by
passing an index into ubsec_cd.cd_devs[]: that causes too much
confusion with the checks that sc is non-null.
 1.1  01-Aug-2003  jonathan Preliminary port of merged OpenBSD/FreeBSD ubsec driver for Bluesteel
Networks/Broadcom line of cryptographic accelerators.
 1.4.12.1  19-Mar-2005  yamt sync with head. xen and whitespace. xen part is not finished.
 1.4.10.1  29-Apr-2005  kent sync with -current
 1.4.4.7  11-Dec-2005  christos Sync with head.
 1.4.4.6  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.4.4.5  04-Mar-2005  skrll Sync with HEAD.

Hi Perry!
 1.4.4.4  21-Sep-2004  skrll Fix the sync with head I botched.
 1.4.4.3  18-Sep-2004  skrll Sync with HEAD.
 1.4.4.2  03-Aug-2004  skrll Sync with HEAD
 1.4.4.1  28-Aug-2003  skrll file ubsec.c was added on branch ktrace-lwp on 2004-08-03 10:49:12 +0000
 1.7.8.1  29-Nov-2005  yamt sync with head.
 1.7.2.5  04-Feb-2008  yamt sync with head.
 1.7.2.4  21-Jan-2008  yamt sync with head
 1.7.2.3  03-Sep-2007  yamt sync with head.
 1.7.2.2  30-Dec-2006  yamt sync with head.
 1.7.2.1  21-Jun-2006  yamt sync with head.
 1.8.12.1  31-Mar-2006  tron Merge 2006-03-31 NetBSD-current into the "peter-altq" branch.
 1.8.10.1  19-Apr-2006  elad sync with head.
 1.8.8.1  01-Apr-2006  yamt sync with head.
 1.8.6.1  22-Apr-2006  simonb Sync with head.
 1.8.4.1  09-Sep-2006  rpaulo sync with head
 1.9.10.2  10-Dec-2006  yamt sync with head.
 1.9.10.1  22-Oct-2006  yamt sync with head
 1.9.8.1  18-Nov-2006  ad Sync with head.
 1.11.4.1  12-Mar-2007  rmind Sync with HEAD.
 1.12.4.1  11-Jul-2007  mjf Sync with head.
 1.12.2.1  01-Jul-2007  ad Adapt to callout API change.
 1.13.20.1  13-Dec-2007  bouyer Sync with HEAD
 1.13.18.1  11-Dec-2007  yamt sync with head.
 1.13.16.1  26-Dec-2007  ad Sync with head.
 1.13.14.1  18-Feb-2008  mjf Sync with HEAD.
 1.13.8.2  23-Mar-2008  matt sync with HEAD
 1.13.8.1  09-Jan-2008  matt sync with HEAD
 1.15.6.2  17-Jan-2009  mjf Sync with HEAD.
 1.15.6.1  02-Jun-2008  mjf Sync with HEAD.
 1.16.12.2  28-Apr-2009  skrll Sync with HEAD.
 1.16.12.1  19-Jan-2009  skrll Sync with HEAD.
 1.16.4.3  11-Mar-2010  yamt sync with head
 1.16.4.2  16-May-2009  yamt sync with head
 1.16.4.1  04-May-2009  yamt sync with head.
 1.17.2.1  13-May-2009  jym Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.
 1.24.4.1  05-Mar-2011  rmind sync with head
 1.25.8.3  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.25.8.2  30-Oct-2012  yamt sync with head
 1.25.8.1  17-Apr-2012  yamt sync with head
 1.26.2.1  18-Feb-2012  mrg merge to -current.
 1.27.6.4  03-Dec-2017  jdolecek update from HEAD
 1.27.6.3  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.27.6.2  23-Jun-2013  tls resync from head
 1.27.6.1  20-Nov-2012  tls Resync to 2012-11-19 00:00:00 UTC
 1.29.2.1  18-May-2014  rmind sync with head
 1.38.2.2  10-Aug-2014  tls Rebase.
 1.38.2.1  07-Apr-2014  tls Be a little more clear and consistent about harvesting entropy from devices:

1) deprecate RND_FLAG_NO_ESTIMATE

2) define RND_FLAG_COLLECT_TIME, RND_FLAG_COLLECT_VALUE

3) define RND_FLAG_ESTIMATE_TIME, RND_FLAG_ESTIMATE_VALUE

4) define RND_FLAG_DEFAULT: RND_FLAG_COLLECT_TIME|
RND_FLAG_COLLECT_VALUE|RND_FLAG_ESTIMATE_TIME

5) Make entropy harvesting from environmental sensors a little more generic
and remove it from individual sensor drivers.

6) Remove individual open-coded delta-estimators for values from a few
places in the tree (uvm, environmental drivers).

7) 0 -> RND_FLAG_DEFAULT, actually gather entropy from various drivers
that had stubbed out code, other minor cleanups.
 1.41.4.2  09-Jul-2016  skrll Sync with HEAD
 1.41.4.1  06-Jun-2015  skrll Sync with HEAD
 1.43.18.3  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.43.18.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.43.18.1  10-Jun-2019  christos Sync with HEAD
 1.43.16.2  26-Dec-2018  pgoyette Sync with HEAD, resolve a few conflicts
 1.43.16.1  06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.62.4.1  11-Aug-2023  martin Pull up following revision(s) (requested by riastradh in ticket #319):

sys/dev/pci/ubsec.c: revision 1.64
sys/dev/pci/hifn7751.c: revision 1.82
lib/libc/gen/getentropy.3: revision 1.5
lib/libc/gen/getentropy.3: revision 1.6
share/man/man4/rnd.4: revision 1.41
lib/libc/sys/getrandom.2: revision 1.2
lib/libc/sys/getrandom.2: revision 1.3
share/man/man5/rc.conf.5: revision 1.193
share/man/man7/entropy.7: revision 1.5
share/man/man7/entropy.7: revision 1.6
share/man/man7/entropy.7: revision 1.7
share/man/man7/entropy.7: revision 1.8
etc/security: revision 1.130
share/man/man7/entropy.7: revision 1.9
etc/security: revision 1.131
sys/crypto/cprng_fast/cprng_fast.c: revision 1.19
sys/sys/rndio.h: revision 1.3
tests/lib/libc/sys/t_getrandom.c: revision 1.5
etc/defaults/rc.conf: revision 1.164
etc/defaults/rc.conf: revision 1.165
sys/sys/rndsource.h: revision 1.10
sys/kern/kern_entropy.c: revision 1.62
sys/kern/kern_entropy.c: revision 1.63
sys/kern/kern_entropy.c: revision 1.64
sys/kern/subr_cprng.c: revision 1.44
sys/kern/kern_entropy.c: revision 1.65
sys/kern/kern_clock.c: revision 1.149
sys/dev/pci/viornd.c: revision 1.22
share/man/man9/rnd.9: revision 1.32
sys/kern/subr_prf.c: revision 1.202
sys/sys/rndsource.h: revision 1.8
sys/sys/rndsource.h: revision 1.9
share/man/man7/entropy.7: revision 1.10

1. Reinstate netbsd<=9 entropy estimator to unblock /dev/random, in
parallel with assessment of only confident entropy sources (seed,
HWRNG) for security warnings like sshd keys in motd and daily
insecurity report.

2. Make multiuser boot wait for first /dev/random output soon after
loading a seed and configuring rndctl, so that getentropy(3) meets
its contract starting early at boot without introducing blocking
paths that could cause hangs in init(8) or single-user mode.
Operators can choose to disable this wait in rc.conf.

3. Fix some bugs left over from reducing the global entropy lock from
a spin lock at IPL_VM to an adaptive lock at IPL_SOFTSERIAL.

4. Update man pages.

RSS XML Feed