Re: [Qemu-devel] [PATCH 0/6] add paravirtualization hwrng support

[Paolo Bonzini <pbonzini@redhat.com>]

> This series implements the backend and frontend infrastructure for virtio-rng.
> This is similar to previous series sent out by both Amit and myself
> although it has been trimmed down considerably.
> 
> In terms of backends, a file and EGD backend are supported.  The file defaults
> to /dev/random based on the feedback from Peter.  It's still possible
> to support /dev/urandom though as an entropy source by overriding the file name.
> 
> I think this series is ready to merge.

Is /dev/random even appropriate to feed rngd?

rngd needs _a lot_ of entropy to even start working.  Its randomness test works in groups of 20000 bits. On a system without an hardware RNG, /dev/random can hardly produce 4000 bits/minute.  This means a guest will not get any entropy boost for 5 minutes after it's started, even if we allow it to exhaust the parent's entropy.

At this point, /dev/hwrng (or rdrand) seems just as good as /dev/random as a source for virtio-rng (and even better, it is not starved as easily).

I think RngBackend is over-engineered.  What other backends do you plan on adding?  Maybe rdrand, but that's just a chardev---so why isn't this enough:

  -chardev file,source=on,path=/dev/hwrng,id=chr0  -device virtio-rng-pci,file=chr0
  -chardev rdrand,id=chr0                          -device virtio-rng-pci,file=chr0
  -chardev socket,host=localhost,port=1024,id=chr0 -device virtio-rng-pci,rng=chr0,egd=on

(which I suggested in my reply to Amit)?

Paolo