The branch main has been updated by markj:
URL:
https://cgit.FreeBSD.org/src/commit/?id=27e2afa4f27cda036bd81d72357cc6be98869783
commit 27e2afa4f27cda036bd81d72357cc6be98869783
Author: Mark Johnston <ma...@freebsd.org>
AuthorDate: 2025-09-08 14:45:08 +0000
Commit: Mark Johnston <ma...@freebsd.org>
CommitDate: 2025-09-08 15:21:43 +0000
random.4: Document the kern.random.nist_healthtest_enabled tunable
Reviewed by: cem, emaste
MFC after: 2 weeks
Sponsored by: Stormshield
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D52231
---
share/man/man4/random.4 | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/share/man/man4/random.4 b/share/man/man4/random.4
index 840bc0c3234b..04d46e4d32aa 100644
--- a/share/man/man4/random.4
+++ b/share/man/man4/random.4
@@ -21,7 +21,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd April 19, 2019
+.Dd August 28, 2025
.Dt RANDOM 4
.Os
.Sh NAME
@@ -132,6 +132,17 @@ are listed in square brackets.
See
.Xr random_harvest 9
for more on the harvesting of entropy.
+.Pp
+The
+.Va kern.random.nist_healthtest_enabled
+tunable can be used to enable the entropy source health tests outlined
+in section 4 of NIST Special Publication 800-90B.
+When enabled, all entropy sources will be subject to the repetition
+count and adaptive proportion tests described in that document.
+If one of the tests fails, the source will be disabled, i.e., all
+subsequent entropy samples from that source will be discarded.
+The implementation performs startup testing, during which entropy
+sources are discarded.
.Sh FILES
.Bl -tag -width ".Pa /dev/urandom"
.It Pa /dev/random
