On 08/11/2014 11:49 AM, Amit Shah wrote: > The khwrngd thread is started when a hwrng device of sufficient > quality is registered. The virtio-rng device is backed by the > hypervisor, and we trust the hypervisor to provide real entropy. A > malicious hypervisor is a scenario that's ruled out, so we are certain > the quality of randomness we receive is perfectly trustworthy. Hence, > we use 100% for the factor, indicating maximum confidence in the source. > > Signed-off-by: Amit Shah <amit.shah@xxxxxxxxxx> It isn't "ruled out", it is just irrelevant: if the hypervisor is malicious, the quality of your random number source is the least of your problems. -hpa _______________________________________________ Virtualization mailing list Virtualization@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/virtualization
