Since it's headerless this is important so the data can be interpreted
properly. Also, ordinary audio ioctls cannot be used on a pad and the
format can't be changed, so applications that attempt to automatically
determine the format of a device like audiorecord don't work.

temporary use where allocation on the stack is desirable, but only up to
a certain size. If the requested size fits within the specified stack
buffer, the stack buffer is returned. Otherwise, memory is allocated with
kmem_alloc(). Add a corresponding kmem_tmpbuf_free() function that frees
the memory using kmem_free() if it is not the temporary stack buffer location.
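
The stack-or-heap pattern described in the commit message above, as an added user-space example (not NetBSD's code). `tmpbuf_alloc`, `tmpbuf_free` and `checksum_copy` are hypothetical names, and malloc()/free() are assumed stand-ins for kmem_alloc()/kmem_free().

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space stand-ins for the helpers in the commit message:
 * malloc()/free() replace kmem_alloc()/kmem_free(), so free needs no size. */
void *tmpbuf_alloc(size_t size, void *stackbuf, size_t stackbufsize)
{
	if (size <= stackbufsize)
		return stackbuf;	/* fits: no heap allocation */
	return malloc(size);		/* too big: fall back to the heap */
}

void tmpbuf_free(void *p, void *stackbuf)
{
	if (p != stackbuf)		/* never free() the stack buffer */
		free(p);
}

/* Sum len bytes of src via a scratch copy.
 * Returns 0 if the stack buffer was used, 1 if the heap was, -1 on failure. */
int checksum_copy(const unsigned char *src, size_t len, unsigned long *sum)
{
	unsigned char stackbuf[64];	/* fixed upper bound on stack use */
	unsigned char *buf = tmpbuf_alloc(len, stackbuf, sizeof(stackbuf));
	int on_heap = (buf != stackbuf);

	if (buf == NULL)
		return -1;
	memcpy(buf, src, len);
	*sum = 0;
	for (size_t i = 0; i < len; i++)
		*sum += buf[i];
	tmpbuf_free(buf, stackbuf);	/* same stackbuf that was passed to alloc */
	return on_heap;
}

int main(void)
{
	unsigned char data[200];	/* constructed sample input */
	unsigned long sum;
	memset(data, 2, sizeof(data));
	printf("16 bytes  -> heap=%d\n", checksum_copy(data, 16, &sum));
	printf("200 bytes -> heap=%d\n", checksum_copy(data, 200, &sum));
	return 0;
}
```

The caller has to hand the free routine the same stack buffer it gave the allocator; passing a different pointer would send a stack address to free().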

- New /etc/security check for entropy in daily security report.

- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
  check for entropy at boot -- in rc.conf, you can:

  . set `entropy=check' to halt multiuser boot and enter single-user
    mode if not enough entropy

  . set `entropy=wait' to make multiuser boot wait until enough entropy

  Default is to always boot without waiting -- and rely on other
  channels like security report to alert the operator if there's a
  problem.

- New man page entropy(7) discussing the higher-level concepts and
  system integration with cross-references.

- New paragraph in afterboot(8) about entropy citing entropy(7) for
  more details.

This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.

I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:

- Not sure it's appropriate for all users to see at login rather than
  users who have power to affect the entropy estimate (maybe it is,
  just haven't decided).

- We only have a mechanism for changing once at boot; the message would
  remain until next boot even if an operator adds enough entropy.

- The mechanism isn't really conducive to making a message appear
  conditionally from boot to boot.

The /dev/acpi character device gives an aperture into physical memory
that allows only read access to known ACPI tables: RSDP, XSDT/RSDT, and
the root tables. Adapt acpidump(8) to use this interface by default,
falling back to the old /dev/mem method if it is not available or if
ACPIDUMP_USE_DEVMEM=1 is set in the environment. The user-visible benefit
of this change is that "options INSECURE" is no longer required to
dump ACPI tables.

Additionally:
- Make it easier for the reader to learn which keywords can be used
  multiple times
- Use multiple "userconf" lines in the EXAMPLES section, conveniently
  listing the current DRM drivers that a user might need to disable to
  troubleshoot "blank screen after boot" issues.