qemu-devel.nongnu.org archive mirror
From: Jamie Lokier <jamie@shareable.org>
To: Ian Molton <ian.molton@collabora.co.uk>
Cc: Gerd Hoffmann <kraxel@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] virtio-rng
Date: Mon, 16 Nov 2009 23:35:55 +0000
Message-ID: <20091116233555.GJ12063@shareable.org>
In-Reply-To: <4B01DD62.6030900@collabora.co.uk>

Ian Molton wrote:
> Jamie Lokier wrote:
> > Ian Molton wrote:
> >> Here's my patch to virtio-console. The device is now specified like this:
> >>
> >> -chardev file,path=/path/to/testfile,id=test
> >> -device virtio-console-pci,chardev=test
> 
> Note, I think the patch above is broken and slipped by me because I
> forgot to make clean - I'll double-check tomorrow.
> 
> > It'd be nice if some options on the qemu command line (or config file)
> > resulted in the guest kernel getting entropy (assuming a kernel with
> > the appropriate support), without having to run a special
> > entropy-injection daemon in the guest.
> 
> How, though - AFAIK Linux has no drivers specifically intended to feed
> entropy into the kernel's pool - all the hwrng drivers use a userspace
> tool to do so.

You're right, with the reason being hardware randomness should be
tested before being passed back to the kernel as trusted entropy, as
it might not be functioning properly or might not have the quality it
claims to have.

With VMs, in some circumstances it might be preferable to trust the
host when it says it's providing already-tested entropy.  After all
the host has total control over the guest anyway, and the host entropy
has already been run through the same checks.

So I think virtio-rng could benefit from being a special case: if the
host says "I assert this is entropy", you might inject it directly,
and thus work even with guests that aren't running the rngd daemon for
one reason or another.  (E.g. embedded system guests.)

> I still intend to submit my virtio-rng driver, if that's what you mean,
> since it presents the data via the same routes as all the other hw rng
> sources. I feel this approach has value.

Suddenly I'm intrigued by this "intend to submit" as I see a
virtio-rng driver already in the 2.6 tree... What have I misunderstood?

Thanks,
-- Jamie
