On Fri, 1 Feb 2013, Bill Nottingham wrote:
> VirtIO RNG (random number generator) is a paravirtualized device that is
> exposed as a hardware RNG device to the guest. Virtio RNG just appears as a
> regular hardware RNG to the guest, which the kernel reads from to fill its
> entropy pool. This effectively allows a host to inject entropy into a guest via
> several means: The default mode uses the host's /dev/random, but a physical HW
> RNG device or EGD (Entropy Gathering Daemon) source can also be used.
>
> What exactly feeds /dev/random in the guest in the cases where this doesn't
> exist, and how do we cope with this obviously making /dev/random exhaustion
> in the host much more likely? (Other than assume that a HW RNG is in the
> host.)
>
> Given FIPS paranoia about RNG sources, does this have knock-on effects in
> the FIPS compliance of guests depending on how it's fed in the host?
The guests can always run their own rngd type tool?
I've been promised random in guests since xen2 days. It would be good if
we actually managed to get it.
Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel