[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support |
|
Date: |
Mon, 29 Oct 2012 09:45:09 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121016 Thunderbird/16.0.1 |
Il 26/10/2012 22:29, H. Peter Anvin ha scritto:
>>> This is surreal. Output from /dev/hwrng turns into output for
>>> /dev/random... it us guaranteed worse; period, end of story.
>> >
>> > Isn't that exactly what happens in bare-metal? hwrng -> rngd -> random.
>> > Instead here
>> > we'd have, host hwrng -> virtio-rng-pci -> guest hwrng -> guest rngd ->
>> > guest random.
>> >
>> > The only difference is that you paravirtualize access to the host hwrng to
>> > a) distribute
>> > entropy to multiple guests; b) support migration across hosts with
>> > different CPUs and
>> > hardware.
> First, hwrng is only one of the sources used by rngd. It can also
> (currently) use RDRAND or TPM; additional sources are likely to be added
> in the future.
>
> Second, the harvesting of environmental noise -- timings -- is not as
> good in a VM as on plain hardware, so for the no-hwrng case it is better
> for this to be done in the host than in the VM.
Neither of these make /dev/random with virtio-rng-pci worse than without
(as would be the case if you fed /dev/urandom). And migration works.
This, and avoiding denial of service for the host's /dev/random, is all
I care about at this time.
There is always time to change defaults to something better.
Paolo
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, (continued)
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Anthony Liguori, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Amit Shah, 2012/10/29
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/30
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Paolo Bonzini, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Paolo Bonzini, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/26
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support,
Paolo Bonzini <=
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/30
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/30
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Paolo Bonzini, 2012/10/30
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/30
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Paolo Bonzini, 2012/10/31
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, H. Peter Anvin, 2012/10/31
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Paolo Bonzini, 2012/10/31
- Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Paolo Bonzini, 2012/10/26
Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support, Amit Shah, 2012/10/29