Module Name: src
Committed By: riastradh
Date: Tue Apr 6 22:02:40 UTC 2021

Modified Files:
    src/sbin/rndctl: rndctl.8

Log Message:
Clarify wording further based on private feedback.

To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/sbin/rndctl/rndctl.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/sbin/rndctl/rndctl.8 diff -u src/sbin/rndctl/rndctl.8:1.28 src/sbin/rndctl/rndctl.8:1.29 --- src/sbin/rndctl/rndctl.8:1.28 Tue Apr 6 12:32:39 2021 +++ src/sbin/rndctl/rndctl.8 Tue Apr 6 22:02:40 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: rndctl.8,v 1.28 2021/04/06 12:32:39 riastradh Exp $ +.\" $NetBSD: rndctl.8,v 1.29 2021/04/06 22:02:40 riastradh Exp $ .\" .\" Copyright (c) 1997 Michael Graff .\" All rights reserved. @@ -66,15 +66,23 @@ is altered or displayed. This is mutually exclusive with .Fl t . .It Fl E -Disable entropy estimation for the given device name or device type. +Ignore estimates of entropy from the drivers for the given device name +or type. +.Pp If collection is still enabled, data is still collected and mixed into -the internal entropy pool, but no entropy is assumed to be present. +the internal entropy pool, but no entropy is assumed to be present and +data from the selected devices will not unblock +.Pa /dev/random . .It Fl e -Re-enable entropy estimation for the given device name or device type. -If the kernel's estimate for the given device is zero, as it is for -devices of types other than +Accept estimates of entropy from the drivers for the given device name +or type. +.Pp +.Cm "rndctl -e" +does not change the estimate provided by the driver; if the driver's +estimate is zero, as it generally is for devices of types other than .Ic rng , -this does not increase the estimate. +it remains zero after +.Cm "rndctl -e" . .It Fl i With the .Fl L 
@@ -86,9 +94,11 @@ even if the file claims to have adequate This is useful if the file is on a medium, such as an NFS share, that the operator does not know to be secret. .It Fl L -Load saved entropy from file +Load a seed from .Ar save-file -and overwrite it with a seed derived by hashing it together with output +generated by +.Cm "rndctl -S" . +Overwrite it with a seed derived by hashing it together with output from .Pa /dev/urandom so that the new seed has at least as much entropy as either the old @@ -105,7 +115,7 @@ or .Ar devname specified. .It Fl S -Save entropy to file +Generate a seed from the system entropy pool and save it to .Ar save-file for later use with .Cm "rndctl -L" .
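
Review bot: In the -66,15 hunk, the new -E text states the operator-visible consequence (data from the selected devices will not unblock /dev/random), but the new -e text stops at "it remains zero after rndctl -e" and never states the converse, so a reader cannot tell from -e alone whether accepting a nonzero driver estimate lets that device's data count toward unblocking /dev/random. Suggest adding one sentence to -e that mirrors the -E wording. Also, "as it generally is for devices of types other than rng" leaves the operator guessing which devices are the exceptions; either drop "generally" or say how to check a driver's estimate.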
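
Review bot: In the -86,9 hunk, "Overwrite it with a seed derived by hashing it together with output from /dev/urandom" switches to an imperative with no subject, and both uses of "it" are ambiguous between save-file and the seed just loaded. Suggest naming the subject, for example "The file is then overwritten with a seed derived by hashing the old seed together with output from /dev/urandom", which also lines up with "the old" seed referred to in the context line that follows.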
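
Review bot: In the -105,7 hunk, -S says "system entropy pool" while the -E entry in the same patch says "internal entropy pool"; pick one term so readers do not infer two different pools. Since the -i entry already warns about a save-file on a medium the operator does not know to be secret, consider saying in -S that save-file should be stored somewhere that keeps it secret, or cross-referencing -i there.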