Proposed F19 Feature: Virtio RNG

Paul Wouters paul at nohats.ca
Sat Feb 2 01:17:26 UTC 2013


On Fri, 1 Feb 2013, Bill Nottingham wrote:

>> VirtIO RNG (random number generator) is a paravirtualized device that is
>> exposed as a hardware RNG device to the guest. Virtio RNG just appears as a
>> regular hardware RNG to the guest, which the kernel reads from to fill its
>> entropy pool. This effectively allows a host to inject entropy into a guest via
>> several means: The default mode uses the host's /dev/random, but a physical HW
>> RNG device or EGD (Entropy Gathering Daemon) source can also be used.
>
> What exactly feeds /dev/random in the guest in the cases where this doesn't
> exist, and how do we cope with this obviously making /dev/random exhaustion
> in the host much more likely? (Other than assume that a HW RNG is in the
> host.)
>
> Given FIPS paranoia about RNG sources, does this have knock-on effects in
> the FIPS compliance of guests depending on how it's fed in the host?

The guests can always run their own rngd-type tool?

I've been promised random in guests since xen2 days. It would be good if
we actually managed to get it.

Paul
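The two concerns raised above (is the guest actually drawing from virtio-rng, and can one guest drain the host's /dev/random) can both be checked from the command line. The following is an added example, not code from the thread, from Fedora or from the libvirt project; it assumes the real sysfs paths under /sys/devices/virtual/misc/hw_random and /proc/sys/kernel/random/entropy_avail for the guest-side check, and the libvirt `<rng>`/`<rate>` XML syntax for the host-side fragment. The function and parameter names are the example's own, and the base paths are parameters so the functions can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not part of the original thread). Guest-side checks for a
# virtio-rng device plus a libvirt <rng> fragment that caps the rate at which
# one guest may pull entropy from the host. Path arguments default to the
# real kernel locations; they are parameters only so the functions can be
# exercised against a constructed directory.

# Report which hwrng backends the guest kernel sees and which one is active.
# Returns 0 if virtio_rng is the current device, 1 otherwise.
virtio_rng_active() {
    base="${1:-/sys/devices/virtual/misc/hw_random}"
    if [ ! -r "$base/rng_current" ]; then
        echo "no hwrng device exposed to this guest"
        return 1
    fi
    available=$(cat "$base/rng_available" 2>/dev/null)
    current=$(cat "$base/rng_current" 2>/dev/null)
    echo "hwrng available: ${available:-none}; current: ${current:-none}"
    case "$current" in
        virtio_rng*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print the guest's current entropy estimate (0 if the file is unreadable).
# A value that stays near zero under load is the symptom virtio-rng addresses.
entropy_avail() {
    f="${1:-/proc/sys/kernel/random/entropy_avail}"
    cat "$f" 2>/dev/null || echo 0
}

# Emit a libvirt <rng> fragment for the guest's <devices> section.
# The <rate> element limits the guest to BYTES bytes per PERIOD milliseconds,
# which bounds how quickly a single guest can drain the host's /dev/random
# (the exhaustion concern raised in the thread). Arguments: bytes, period in
# ms, backend device on the host.
virtio_rng_xml() {
    bytes="${1:-1024}"
    period_ms="${2:-1000}"
    backend="${3:-/dev/random}"
    printf '<rng model="virtio">\n'
    printf '  <rate period="%s" bytes="%s"/>\n' "$period_ms" "$bytes"
    printf '  <backend model="random">%s</backend>\n' "$backend"
    printf '</rng>\n'
}

# Usage on a real guest / host:
#   virtio_rng_active && echo "fed by virtio-rng, entropy_avail=$(entropy_avail)"
#   virtio_rng_xml 512 1000 /dev/random   # paste under <devices> via virsh edit
```

Without the `<rate>` element libvirt places no cap on the guest's reads, so a guest that loops on /dev/hwrng competes directly with the host for the same pool; the rate limit is the host-side mitigation, while the guest-side check tells you whether the device is being used at all.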

