Re: [Qemu-discuss] [libvirt-users] Efficacy of jitterentropy RNG on qemu
From: procmem
Subject: Re: [Qemu-discuss] [libvirt-users] Efficacy of jitterentropy RNG on qemu-kvm Guests
Date: Thu, 16 Aug 2018 15:12:00 +0000
Daniel P. Berrangé:
> On Fri, Aug 10, 2018 at 08:33:00PM +0000, procmem wrote:
>> Hello. I'm a distro maintainer and was wondering about the efficacy of
>> entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the
>> authors of haveged [0] pointed out if the hardware cycles counter is
>> emulated and deterministic, and thus predictable. He therefore does not
>> recommend using HAVEGE on those systems. Is this the case with KVM's
>> counters?
>>
>> PS. I will be setting VM CPU settings to host-passthrough.
>
> Hardware from circa 2011 onwards has RDRAND support, and with host-passthrough
> this will be available to the guest. The rngd daemon, running in the guest,
> can use this as a source to feed the kernel entropy.
>
> In addition QEMU has support for virtio-rng which can pull entropy from
> /dev/urandom on the host, and feed it into the guest, where again rngd can
> give it to the kernel.
>
> So why do you need to consider haveged / jitterentropyd at all with QEMU ?
> It should suffice to just enable virtio-rng in the host and run rngd in
> all guests. If the host has RDRAND, that's an extra bonus.
>
> haveged / jitterentropyd should only be needed on other non-QEMU hypervisors
> which don't support something equiv to virtio-rng, and are on hardware that
> is too old for RDRAND.
>
> Regards,
> Daniel
>
Makes sense. Thanks for your answer.
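
A guest-side check for the two entropy sources named in the reply above (RDRAND exposed through host-passthrough, and a virtio-rng device), as an added example that is not part of the original thread. The function names are illustrative, the /proc and /sys paths are the standard Linux locations, and treating "at least one source visible" as success is an assumption of this example.

```shell
#!/bin/sh
# Added example: guest-side check for RDRAND and virtio-rng.
# File locations are parameters so constructed sample files can be substituted.

# has_rdrand [CPUINFO]: succeeds if the guest CPU exposes the rdrand flag.
has_rdrand() {
    grep -m1 '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null | grep -qw rdrand
}

# virtio_rng_state [HWRNG_DIR]: prints active, available or absent.
virtio_rng_state() {
    dir="${1:-/sys/class/misc/hw_random}"
    # "|| true" keeps a missing file from aborting callers that use set -e
    current=$(cat "$dir/rng_current" 2>/dev/null || true)
    available=$(cat "$dir/rng_available" 2>/dev/null || true)
    case "$current" in
        virtio_rng*) echo active; return 0 ;;
    esac
    case " $available " in
        *" virtio_rng"*) echo available ;;
        *) echo absent ;;
    esac
}

# entropy_report [CPUINFO] [HWRNG_DIR]: prints one summary line and fails
# when neither source is visible (policy assumed for this example).
entropy_report() {
    if has_rdrand "${1:-/proc/cpuinfo}"; then rd=yes; else rd=no; fi
    vr=$(virtio_rng_state "${2:-/sys/class/misc/hw_random}")
    echo "rdrand=$rd virtio_rng=$vr"
    [ "$rd" = yes ] || [ "$vr" != absent ]
}

entropy_report || echo "neither RDRAND nor virtio-rng is visible in this guest" >&2
```

A `virtio_rng` state of `available` means the device exists in the guest but a different hardware RNG is currently selected in `rng_current`.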