On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote:
> Hello. I'm a distro maintainer and was wondering about the efficacy of
> entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the
> authors of haveged [0] pointed out if the hardware cycles counter is
> emulated and deterministic, and thus predictable. He therefore does not
> recommend using HAVEGE on those systems. Is this the case with KVM's
> counters?
>
> PS. I will be setting VM CPU settings to host-passthrough.

Hardware from circa 2011 onwards has RDRAND support, and with
host-passthrough this will be available to the guest. The rngd daemon,
running in the guest, can use this as a source to feed the kernel entropy.

In addition QEMU has support for virtio-rng which can pull entropy from
/dev/urandom on the host, and feed it into the guest, where again rngd
can give it to the kernel.

So why do you need to consider haveged / jitterentropyd at all with QEMU?

It should suffice to just enable virtio-rng in the host and run rngd in
all guests. If the host has RDRAND, that's an extra bonus.

haveged / jitterentropyd should only be needed on other non-QEMU
hypervisors which don't support something equiv to virtio-rng, and are
on hardware that is too old for RDRAND.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
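
A guest-side check for the two entropy sources named in the reply above, as an added example that is not part of the original thread: it reports whether the guest sees RDRAND in its CPU flags and a virtio-rng device in the kernel's hw_random list. The function names and verdict strings are this example's own; the default paths are the standard Linux procfs/sysfs locations, and "none" corresponds to the case where the reply says haveged / jitterentropyd would still be needed.

```shell
#!/bin/sh
# Added example: which hardware entropy sources can rngd use in this guest?
# File paths are parameters so the checks can also be run against copies
# of /proc/cpuinfo and rng_available collected from another machine.

# has_rdrand [CPUINFO]: succeeds if any "flags" line lists rdrand,
# i.e. the host CPU has it and the guest CPU model exposes it
# (for example with host-passthrough).
has_rdrand() {
    awk '/^flags/ { for (i = 1; i <= NF; i++) if ($i == "rdrand") found = 1 }
         END { exit !found }' "${1:-/proc/cpuinfo}" 2>/dev/null
}

# has_virtio_rng [RNG_AVAILABLE]: succeeds if the kernel hw_random core
# has registered a virtio-rng device (listed as virtio_rng.N).
has_virtio_rng() {
    grep -q 'virtio_rng' \
        "${1:-/sys/class/misc/hw_random/rng_available}" 2>/dev/null
}

# entropy_verdict [CPUINFO] [RNG_AVAILABLE]: prints one of
#   virtio-rng+rdrand | virtio-rng | rdrand | none
entropy_verdict() {
    v=no
    r=no
    has_virtio_rng "$2" && v=yes
    has_rdrand "$1" && r=yes
    case "$v$r" in
        yesyes) echo "virtio-rng+rdrand" ;;
        yesno)  echo "virtio-rng" ;;
        noyes)  echo "rdrand" ;;
        *)      echo "none" ;;
    esac
}

# Report for the running guest.
echo "hardware entropy sources: $(entropy_verdict)"
```
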