On Tue, Sep 18, 2018 at 01:00:31PM -0400, Sandy Harris wrote:
> Solutions have been proposed by various people. If I understand them
> right, Ted Ts'o suggests modifying the boot loader to provide some
> entropy & John Denker suggests that every machine should be
> provisioned with some entropy in the kernel image at install time.
> Both are general solutions, but I think both would require updating
> the entropy store later. As far as I know, neither has yet been
> implemented as accepted patches.
>
> Is a fix that only deals with a subset of the problem worth
> considering? Just patch the VM support code so that any time a VM is
> either booted or re-started after a save, the host system drops in
> some entropy. This looks relatively easy to do, at least for Linux
> VMs, and some of the code might be the same as what the more general
> approaches would need.

That already exists. It's called virtio-rng. On the host side, using
kvm/qemu as an example, you just add the qemu options:

    -object rng-random,filename=/dev/urandom,id=rng0 \
    -device virtio-rng-pci,rng=rng0

On the guest kernel, enable CONFIG_HW_RANDOM_VIRTIO.

                                        - Ted
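
A guest-side check that the setup described in the message above took effect, added here as an example and not part of the original message. It assumes the guest exposes the hwrng sysfs files under /sys/class/misc/hw_random, keeps its kernel config at /boot/config-$(uname -r), and registers the device under a name beginning with virtio_rng; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Guest-side check for virtio-rng. Paths are arguments so the logic can be
# run against a constructed tree as well as the live system.

# kernel_has_virtio_rng CONFIG_FILE
# True if the kernel config has CONFIG_HW_RANDOM_VIRTIO built in or as a module.
kernel_has_virtio_rng() {
    grep -Eq '^CONFIG_HW_RANDOM_VIRTIO=(y|m)$' "$1" 2>/dev/null
}

# virtio_rng_state HWRNG_DIR
# Prints "active" if a virtio_rng device is the selected hwrng, "available"
# if one is registered but not selected, "absent" otherwise.
virtio_rng_state() {
    current=$(cat "$1/rng_current" 2>/dev/null || true)
    available=$(cat "$1/rng_available" 2>/dev/null || true)
    case "$current" in
        virtio_rng*) echo active; return 0 ;;
    esac
    case " $available " in
        *" virtio_rng"*) echo available ;;
        *) echo absent ;;
    esac
}

# check_guest_rng CONFIG_FILE HWRNG_DIR
# Prints one verdict: ok, available-not-current, no-device, driver-not-configured.
check_guest_rng() {
    if ! kernel_has_virtio_rng "$1"; then
        echo driver-not-configured
        return 0
    fi
    case "$(virtio_rng_state "$2")" in
        active)    echo ok ;;
        available) echo available-not-current ;;
        *)         echo no-device ;;  # no -device virtio-rng-pci, or module not loaded
    esac
}

# Assumed locations on a typical Linux guest; adjust for your distribution.
check_guest_rng "/boot/config-$(uname -r)" /sys/class/misc/hw_random
```

A verdict of no-device with the driver configured points at the host side: the guest was started without the two qemu options, or the driver module is not loaded.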