Re: [Qemu-devel] [PATCH] VirtIO-RNG: Update default entropy source to `/
From: Richard Henderson
Subject: Re: [Qemu-devel] [PATCH] VirtIO-RNG: Update default entropy source to `/dev/urandom`
Date: Tue, 7 May 2019 08:20:45 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 5/3/19 8:46 AM, Kashyap Chamarthy wrote:
> When QEMU exposes a VirtIO-RNG device to the guest, that device needs a
> source of entropy, and that source needs to be "non-blocking", like
> `/dev/urandom`. However, currently QEMU defaults to the problematic
> `/dev/random`, which is "blocking" (as in, it waits until sufficient
> entropy is available).
>
> So change the entropy source to the recommended `/dev/urandom`.
>
> Related discussion in these[1][2] past threads.
>
> [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html
> -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?"
> [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
> -- "[RFC] Virtio RNG: Consider changing the default entropy source to
> /dev/urandom"
>
> Signed-off-by: Kashyap Chamarthy <address@hidden>
> ---
> backends/rng-random.c | 2 +-
> qemu-options.hx | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)

I would also like to point out

https://patchwork.ozlabs.org/project/qemu-devel/list/?series=97063
"[PATCH v4 00/24] Add qemu_getrandom and ARMv8.5-RNG etc"

Which, if used in more rng backends, would remove direct use of either
/dev/urandom or /dev/random and instead be handled by one of the crypto
libraries against which we link.

Which in turn may be implemented by getrandom(2) instead of the legacy
/dev/files.

Which would, I suppose, deprecate the file= option entirely.

r~

PS: I'm not sure what the difference between backends/rng* is supposed to be,
and whether that distinction is relevant.