xen-devel.lists.xenproject.org archive mirror
* Hardware Random Number Generator (RNG) access from Xen VMs, providing more entropy to guests
@ 2016-10-23 20:48 Pasi Kärkkäinen
  2016-10-24 11:17 ` John Haxby
  0 siblings, 1 reply; 2+ messages in thread
From: Pasi Kärkkäinen @ 2016-10-23 20:48 UTC (permalink / raw)
  To: xen-devel

Hello,

Has anyone thought of writing a Xen RNG (PV) driver?

AFAIK there's currently no access to hardware-accelerated RNGs from Xen VMs, so for example SSL/TLS operations can result in low entropy and blocking /dev/random in Xen VMs, resulting in poor performance of applications. Running the same applications on bare-metal Linux results in much better performance because bare-metal Linux can access the hardware RNG directly, and thus gets much more entropy.

Qemu/KVM provides a virtio-rng driver. I wonder if that'd work easily with Xen as well? I guess I should try.

virtio-rng backend is available in Qemu 1.3+:
- http://wiki.qemu-project.org/Features/VirtIORNG
- https://fedoraproject.org/wiki/Features/Virtio_RNG

And the virtio-rng driver has been included in the upstream Linux kernel since 2.6.26.


Thanks,

-- Pasi


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel


* Re: Hardware Random Number Generator (RNG) access from Xen VMs, providing more entropy to guests
  2016-10-23 20:48 Hardware Random Number Generator (RNG) access from Xen VMs, providing more entropy to guests Pasi Kärkkäinen
@ 2016-10-24 11:17 ` John Haxby
  0 siblings, 0 replies; 2+ messages in thread
From: John Haxby @ 2016-10-24 11:17 UTC (permalink / raw)
  To: xen-devel

On 23/10/16 21:48, Pasi Kärkkäinen wrote:
> Has anyone thought of writing a Xen RNG (PV) driver?
> 
> AFAIK there's currently no access to hardware-accelerated RNGs from Xen VMs, so for example SSL/TLS operations can result in low entropy and blocking /dev/random in Xen VMs, resulting in poor performance of applications. Running the same applications on bare-metal Linux results in much better performance because bare-metal Linux can access the hardware RNG directly, and thus gets much more entropy.
> 
> Qemu/KVM provides a virtio-rng driver. I wonder if that'd work easily with Xen as well? I guess I should try.
> 
> virtio-rng backend is available in Qemu 1.3+:
> - http://wiki.qemu-project.org/Features/VirtIORNG
> - https://fedoraproject.org/wiki/Features/Virtio_RNG
> 
> And the virtio-rng driver has been included in the upstream Linux kernel since 2.6.26.

I think a lot of people have thought about it, but with the advent of
rdrand and rdseed (Ivy Bridge and Skylake respectively, not sure about
AMD) there's not been the incentive.

jch
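
A guest-side check for the entropy sources this thread mentions (the rdrand/rdseed CPU flags, a hw_random device such as virtio-rng, and the kernel's entropy estimate), added here as an example and not code from either poster. The function name `rng_report` and its optional root-prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the entropy sources visible
# inside a Linux guest. ROOT is a hypothetical optional prefix so the
# function can also be run against a copied /proc and /sys tree.
rng_report() {
    root="${1:-}"
    cpuinfo="$root/proc/cpuinfo"
    hwrng="$root/sys/class/misc/hw_random"
    entropy="$root/proc/sys/kernel/random/entropy_avail"

    # RDRAND/RDSEED appear on the x86 "flags" line only when the CPU has
    # them and they are exposed to the guest.
    for flag in rdrand rdseed; do
        if [ -r "$cpuinfo" ] &&
           grep -m1 '^flags' "$cpuinfo" | grep -qw "$flag"; then
            echo "$flag=yes"
        else
            echo "$flag=no"
        fi
    done

    # The hw_random core names the active device here; a virtio-rng
    # device shows up as virtio_rng.N.
    current=none
    if [ -r "$hwrng/rng_current" ]; then
        current=$(cat "$hwrng/rng_current")
    fi
    echo "hwrng_current=${current:-none}"

    # Kernel's own estimate of pooled entropy, in bits.
    if [ -r "$entropy" ]; then
        echo "entropy_avail=$(cat "$entropy")"
    else
        echo "entropy_avail=unknown"
    fi
}

# Report for the machine this runs on.
rng_report
```

A guest that reports `rdrand=no`, `rdseed=no` and `hwrng_current=none` has no hardware RNG visible to it and relies on the kernel's software entropy collection alone.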

