From mboxrd@z Thu Jan  1 00:00:00 1970
From: "H. Peter Anvin" <hpa@linux.intel.com>
Subject: Re: [PATCH 1/1] virtio: rng: add derating factor for use by hwrng
 core
Date: Mon, 11 Aug 2014 15:11:03 -0700
Message-ID: <53E93F77.9030305@linux.intel.com>
References: <6f2df652355d6e78da846d06e32489b7d9cdfcc2.1407782982.git.amit.shah@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: Rusty Russell <rusty@rustcorp.com.au>,
	Virtualization List <virtualization@lists.linux-foundation.org>,
	kvm list <kvm@vger.kernel.org>, jgarzik@bitpay.com,
	duwe@lst.de, Amos Kong <akong@redhat.com>,
	ricardo.neri-calderon@linux.intel.com, tytso@mit.edu,
	herbert@gondor.apana.org.au
To: Amit Shah <amit.shah@redhat.com>, linux-kernel@vger.kernel.org
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <6f2df652355d6e78da846d06e32489b7d9cdfcc2.1407782982.git.amit.shah@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: kvm.vger.kernel.org

On 08/11/2014 11:49 AM, Amit Shah wrote:
> The khwrngd thread is started when a hwrng device of sufficient
> quality is registered.  The virtio-rng device is backed by the
> hypervisor, and we trust the hypervisor to provide real entropy.  A
> malicious hypervisor is a scenario that's ruled out, so we are certain
> the quality of randomness we receive is perfectly trustworthy.  Hence,
> we use 100% for the factor, indicating maximum confidence in the source.
> 
> Signed-off-by: Amit Shah <amit.shah@redhat.com>

It isn't "ruled out", it is just irrelevant: if the hypervisor is
malicious, the quality of your random number source is the least of your
problems.

	-hpa