
Re: [MirageOS-devel] vchan hackers wanted for mirage-entropy



On Wed, Nov 19, 2014 at 6:22 PM, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
> Great!  One minor annoyance with vchan is that it does require a Xen machine
> to establish communications. If you don't have a Xen host, a Cubieboard is
> the easiest way to get started in the short term, or a Virtualbox setup.  I
> believe that Magnus is writing down the instructions for his Virtualbox
> setup at the moment...

Speaking of which, I set mine up running Xen on top of Linux KVM. Xen
itself unfortunately cannot use KVM hypercalls (apparently?), but this
makes for a pretty slim VM-in-VM setup. With HVM nesting it should
even be possible to boot Xen-unaware kernels inside Xen inside KVM.

If there is interest, I can share the magic incantations.

> On 19 Nov 2014, at 17:19, Nicolas Ojeda Bar <no263@xxxxxxxxxxxxxxx> wrote:
>
> Hi Anil,
>
> I can try my hand at this; I need a break and wouldn't mind doing this while
> I write the IPv6 blog post.
>
> Cheers,
> Nicolas
>
> On Wednesday, November 19, 2014, Anil Madhavapeddy <anil@xxxxxxxxxx> wrote:
>>
>> Anyone got time for this?  Writing the dom0 proxy is pretty much a
>> hello-world use of the vchan bindings.  In theory, this should work
>> using the OCaml-conduit Vchan_lwt_unix mode, but in practice no one
>> has tried it yet.
>>
>> From the client side, it just needs a vchan call to read a certain
>> number of bytes and block if dom0 isn't supplying it with enough.
>>
>> -anil
>>
>> > On 19 Nov 2014, at 16:52, Hannes Mehnert <hannes@xxxxxxxxxxx> wrote:
>> >
>> > Hello,
>> >
>> > in order to move OCaml-TLS onto Xen, there is one bit missing which I
>> > neither know in detail nor have the time to deal with.
>> > How to get entropy into a Mirage unikernel. The startup sequence is
>> > rather deterministic, and we don't want to require a RW object store
>> > to keep the seed (best practices in the UNIX world).
>> >
>> > Instead we would like to proxy /dev/urandom from dom0 into the
>> > unikernel to seed our random number generator.
>> >
>> > The interface is already there:
>> > https://github.com/mirage/mirage/blob/master/types/V1.mli#L75
>> > There is also an implementation for Xen, but this uses very weak
>> > entropy:
>> > https://github.com/mirage/mirage-entropy/tree/master/xen
>> >
>> >
>> > Some related work I found was virtio-rng
>> > (https://fedoraproject.org/wiki/Features/Virtio_RNG) which is supposed
>> > to work on Xen as well
>> > (http://wiki.xen.org/wiki/Virtio_On_Xen) -- but this might very likely
>> > be overengineered for our purposes.
>> >
>> > We (well, David) already have a state of the art random number
>> > generator implemented (Fortuna, design by Schneier + Ferguson) here:
>> > https://github.com/mirleft/ocaml-nocrypto/blob/master/src/fortuna.mli
>> >
>> >
>> > If someone could give that a try, it'd speed up getting mirage-tls into
>> > a usable state.
>> >
>> >
>> > Thanks,
>> >
>> > Hannes
>> >
>> > _______________________________________________
>> > MirageOS-devel mailing list
>> > MirageOS-devel@xxxxxxxxxxxxxxxxxxxx
>> > http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
>> >



-- 
"Linear Time is wrong and suicidal." -- Gene Ray
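The proxy Hannes and Anil describe above (dom0 serving /dev/urandom to the unikernel over vchan, the client blocking until it has read the number of bytes it asked for) as an added Python sketch. This is not code from the thread or from the MirageOS, vchan or nocrypto projects; it assumes a socketpair in place of the vchan ring, a made-up wire format (4-byte big-endian request length, raw seed bytes back), and a 32-byte minimum seed size that is this example's own policy. The real dom0 proxy and client would be OCaml against the vchan bindings.

```python
"""Stand-in for the dom0 -> unikernel entropy proxy discussed in the thread.

Added illustration, not MirageOS or vchan code. A socketpair plays the role
of the Xen vchan ring (assumption), and the wire format (4-byte big-endian
request length from the guest, raw bytes back from dom0) is invented here.
"""
import os
import socket
import struct
import threading

MIN_SEED_BYTES = 32  # example policy: never seed a CSPRNG with less than this


def dom0_proxy(conn: socket.socket, chunk: int = 7) -> None:
    """dom0 side: serve /dev/urandom to the guest on request.

    Bytes are deliberately sent in small chunks so the guest has to cope
    with partial reads, as it would when a vchan ring fills up slowly.
    A request for 0 bytes ends the session.
    """
    try:
        while True:
            (want,) = struct.unpack("!I", read_exactly(conn, 4))
            if want == 0:
                break
            remaining = want
            while remaining:
                n = min(chunk, remaining)
                conn.sendall(os.urandom(n))  # /dev/urandom on Linux
                remaining -= n
    except ConnectionError:
        pass  # guest went away; nothing to clean up beyond the socket
    finally:
        conn.close()


def read_exactly(conn: socket.socket, n: int) -> bytes:
    """Guest side: block until exactly n bytes have arrived.

    recv() may return fewer bytes than asked for. A seed must never be
    built from a short read, so loop, and fail loudly if the peer closes.
    """
    buf = bytearray()
    while len(buf) < n:
        part = conn.recv(n - len(buf))
        if not part:
            raise ConnectionError(
                "entropy source closed after %d of %d bytes" % (len(buf), n))
        buf.extend(part)
    return bytes(buf)


def fetch_seed(conn: socket.socket, nbytes: int = MIN_SEED_BYTES) -> bytes:
    """Guest side: request nbytes of seed material and wait for all of it."""
    if nbytes < MIN_SEED_BYTES:
        raise ValueError(
            "refusing to seed with fewer than %d bytes" % MIN_SEED_BYTES)
    conn.sendall(struct.pack("!I", nbytes))
    return read_exactly(conn, nbytes)


def seed_over_proxy(nbytes: int = MIN_SEED_BYTES) -> bytes:
    """Run proxy and guest in-process; return the seed the guest obtained."""
    dom0_end, guest_end = socket.socketpair()
    worker = threading.Thread(target=dom0_proxy, args=(dom0_end,), daemon=True)
    worker.start()
    try:
        seed = fetch_seed(guest_end, nbytes)
        guest_end.sendall(struct.pack("!I", 0))  # tell dom0 we are done
    finally:
        guest_end.close()
    worker.join(timeout=5)
    return seed


if __name__ == "__main__":
    s = seed_over_proxy(48)
    print("got %d seed bytes from the proxy, first 8: %s" % (len(s), s[:8].hex()))
```

The seed returned by `fetch_seed` is what would be handed to the Fortuna instance Hannes links; the two things the sketch insists on are that the guest never proceeds on a short read and that it refuses a request below the minimum before touching the wire at all.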
