From mboxrd@z Thu Jan 1 00:00:00 1970 From: Sarah Newman Subject: Re: PV random device Date: Tue, 6 Oct 2015 00:40:41 -0700 Message-ID: <56137AF9.2010107@prgmr.com> References: <561324FD.8010909@prgmr.com> <20151006033521.GF4243@bitfolk.com> <56134A3F.3090809@prgmr.com> <20151006042904.GJ4243@bitfolk.com> <1e6b2ce6bdab30816895b8b251fa29c5@crc.id.au> <20151006051809.GK4243@bitfolk.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1ZjMrd-000810-FW for xen-devel@lists.xenproject.org; Tue, 06 Oct 2015 07:40:45 +0000 In-Reply-To: <20151006051809.GK4243@bitfolk.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Andy Smith , Steven Haigh Cc: xen-devel List-Id: xen-devel@lists.xenproject.org On 10/05/2015 10:18 PM, Andy Smith wrote: > But again as I say, that article I posted earlier contains a bunch > of smart crypto people saying that all of this is unnecessary. So > should we be enabling it? Even if only urandom is considered necessary, how is the initial seed for urandom being generated and securely provided (if externally generated) to the guest? ubuntu has a client/server "entropy as a service" pollen https://github.com/dustinkirkland/pollen and pollinate https://github.com/dustinkirkland/pollinate which writes to /dev/urandom at boot. To my best knowledge a total of zero non-ubuntu derived distributions have adopted it, though I can't comment on why. MirageOS has come up with https://github.com/mirage/xentropyd and https://github.com/mirage/mirage-entropy which appears to be a layer on top of channels http://xenbits.xen.org/gitweb/?p=xen.git;a=blob;f=docs/misc/channel.txt I don't know if this is the preferred implementation method. I also haven't found a front-end implementation other than in MirageOS.