Re: Handling of entropy during boot




On Jan 09, "Theodore Y. Ts'o" <tytso@xxxxxxx> wrote:

> x86 systems have a high resolution timer; Raspberry Pis don't.
> Furthermore, if libvirt is misconfigured, it should just be fixed (and
> better yet, it should be configured to enable virtio-rng, which is
> *not* hard).

Can you clarify what is the best practice here? I am finding a lot of 
conflicting and often obviously clueless advice online.
Is it enough to feed the host side of virtio-rng with /dev/random or 
should everybody who has virtual machines also install rngd in the host?
Is rngd to be preferred to haveged?

Data points: none of my current virtualization hosts (very new HPE 
Gen10 and Cisco UCS M5 blades) have a hardware RNG available to the 
kernel, at least with RHEL 7.
When rngd is installed it reports RDRAND and jitter entropy (the rngd
internal source, not the kernel module) to be available.

-- 
ciao,
Marco
