Proposed F19 Feature: Virtio RNG

Jaroslav Reznik jreznik at redhat.com
Thu Jan 31 19:03:19 UTC 2013


= Features/Virtio RNG =
https://fedoraproject.org/wiki/Features/Virtio_RNG

Feature owner(s): Cole Robinson <crobinso at redhat.com>, Amit Shah 
<amit.shah at redhat.com>

Provide a paravirtual random number generator to virtual machines, to prevent 
entropy starvation in guests.  

== Detailed description ==
The Linux kernel collects entropy from various non-deterministic hardware 
events, like mouse and keyboard input, and network traffic. This entropy is then 
exposed through /dev/random, commonly used by cryptographic applications that 
need true randomness to maintain security. However, if more entropy is being 
consumed than is being produced, we have entropy starvation: reading from 
/dev/random will block, which can cause a denial of service. A common example 
here is use of /dev/random by SSL in various services.

VirtIO RNG (random number generator) is a paravirtualized device that is 
exposed to the guest as a regular hardware RNG device, which the kernel reads 
from to fill its entropy pool. This effectively allows a host to inject entropy 
into a guest from several sources: the default mode uses the host's 
/dev/random, but a physical HW RNG device or EGD (Entropy Gathering Daemon) 
source can also be used.
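
A guest-side check for the behaviour described above, added here as an example and not part of the feature page or the Fedora project's code: it reports whether a virtio RNG is the kernel's selected hardware RNG and whether the entropy estimate is low. The ROOT argument, the function names and the 256-bit default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: guest-side check that a virtio RNG is feeding the kernel.
# The optional ROOT argument is a hypothetical parameter of this example: it
# prefixes the sysfs/procfs paths so the check can run against a constructed
# directory tree. With no argument it reads the live system.

# Prints "active:<name>", "present-not-selected", "absent" or "no-hwrng-core".
# Returns 0 only when a virtio_rng device is the currently selected hwrng.
rng_status() {
    hw="${1:-}/sys/class/misc/hw_random"
    [ -r "$hw/rng_available" ] || { echo "no-hwrng-core"; return 3; }
    available=$(cat "$hw/rng_available")
    current=$(cat "$hw/rng_current" 2>/dev/null || true)
    case "$current" in
        virtio_rng*) echo "active:$current"; return 0 ;;
    esac
    case " $available" in
        *" virtio_rng"*) echo "present-not-selected"; return 1 ;;
    esac
    echo "absent"; return 2
}

# Returns 0 when the kernel's entropy estimate is below MIN_BITS, 1 when it
# is not, 2 when the estimate cannot be read.
# The default of 256 bits is an assumption of this example, not a kernel rule.
entropy_low() {
    avail=$(cat "${1:-}/proc/sys/kernel/random/entropy_avail" 2>/dev/null) || return 2
    if [ "$avail" -lt "${2:-256}" ]; then return 0; else return 1; fi
}

# Combines both checks into one line suitable for a monitoring probe.
guest_rng_report() {
    status=$(rng_status "${1:-}") || true
    rc=0; entropy_low "${1:-}" "${2:-256}" || rc=$?
    case "$rc" in
        0) pool="low" ;;
        1) pool="ok" ;;
        *) pool="unknown" ;;
    esac
    echo "hwrng=$status entropy=$pool"
}
```

On a real guest, call guest_rng_report with no arguments. A "present-not-selected" result means the device exists but another hardware RNG is current; root can select it by writing its name to /sys/class/misc/hw_random/rng_current.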

