On Mon, May 11, 2020 at 09:53:31AM +0300, Andreas Gustafsson wrote:
> OpenBSD guarantees that there is an entropy seed from the boot loader,
> which is very different from NetBSD's "best effort". Was this not
> already the case when the getentropy API was introduced?

We do the same, on supported architectures. In addition to reading from CPU HWRNGs extremely early in the kernel, the bootloader provides a seed. Then, once userland is ready, all entropy is consolidated. At the risk of receiving more angry private emails from Mr. de Raadt, (in the bootblocks!), if what OpenBSD does satisfies you, what NetBSD does should also satisfy you.