From mboxrd@z Thu Jan  1 00:00:00 1970
From: Vadim Rozenfeld <vrozenfe@redhat.com>
Subject: Re: KVM, Entropy and Windows
Date: Thu, 17 Feb 2011 13:09:58 +0200
Message-ID: <1297940998.4745.17.camel@localhost>
References: <004882f9-9a99-4312-a7c5-c307398cd297@office.splatnix.net>
	 <4D5CE63B.9030906@redhat.com> <1297937344.2435.12.camel@localhost>
	 <4D5CFA82.6000708@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: Avi Kivity <avi@redhat.com>, "--[ UxBoD ]--" <uxbod@splatnix.net>,
	kvm@vger.kernel.org
To: dlaor@redhat.com
Return-path: <kvm-owner@vger.kernel.org>
Received: from mx1.redhat.com ([209.132.183.28]:23551 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752767Ab1BQLKF (ORCPT <rfc822;kvm@vger.kernel.org>);
	Thu, 17 Feb 2011 06:10:05 -0500
In-Reply-To: <4D5CFA82.6000708@redhat.com>
Sender: kvm-owner@vger.kernel.org
List-ID: <kvm.vger.kernel.org>

On Thu, 2011-02-17 at 12:37 +0200, Dor Laor wrote:
> On 02/17/2011 12:09 PM, Vadim Rozenfeld wrote:
> > On Thu, 2011-02-17 at 11:11 +0200, Avi Kivity wrote:
> >> On 02/16/2011 09:54 PM, --[ UxBoD ]-- wrote:
> >>> Hello all,
> >>>
> >>> I believe I am hitting a problem on one of our Windows 2003 KVM guests were I believe it is running out of Entropy and causing SSL issues.
> >>>
> >>> I see that there is a module called virtio-rng which I believe passes the HW entropy source through to the guest but does this work on Windows as-well ?
> >>>
> >>
> >> AFAIK there is no Windows driver for virtio-rng.  Seems like a good
> >> idea.  Vadim?
> > virtio-rng driver for windows is not a big deal. IMO, the real problem
> > will be to force Windows to use for CriptoApi.
> 
> What's the implication of it? good or bad?
iirc, Vista and higher use a new generation of cryptography API. 
CriptoApi can be integrated with smart cards sub-system. If we 
can make Windows virtio-rng driver to be attachable to smart cart
devstack, I think we can solve the problem.

> Do you know what hyper-v is doing for it?
> 
No idea.
> >>
> >>> If it doesn't any ideas on how I can increase the amount of entropy being generated on a headless system ? or even monitor entropy on a Windows system ?
> >>
> >> No idea.  Maybe you could ask Windows to collect entropy from packet
> >> timings.
> >>
> >
> >
> > --
> > To unsubscribe from this list: send the line "unsubscribe kvm" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
>