
[MirageOS-devel] entropy for VMs


  • To: Xen-devel <xen-devel@xxxxxxxxxxxxx>
  • From: Dave Scott <Dave.Scott@xxxxxxxxxx>
  • Date: Sun, 1 Feb 2015 21:12:31 +0000
  • Accept-language: en-GB, en-US
  • Cc: mirageos-devel <mirageos-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Sun, 01 Feb 2015 21:12:43 +0000
  • List-id: Developer list for MirageOS <mirageos-devel.lists.xenproject.org>
  • Thread-index: AQHQPmPK0gebIcSiW0KibH3nefMq7Q==
  • Thread-topic: entropy for VMs

Hi,

Mirage now has nice features like TLS[1] and therefore needs a good source of 
randomness to generate session keys. Mirage VMs are PV, so we can't use 
virtio-rng. We've created a prototype entropy server which may be of interest 
to other people too:

https://github.com/mirage/xentropyd

This behaves a bit like xenconsoled: it watches for domains being created and 
then connects to them via the console protocol. There is a little handshake[2] 
(to catch accidental screwups with the wrong console) and then the daemon feeds 
random data into the console through a rate-limiter. Mirage's entropy driver 
can read the data from the console fairly easily[3]. I assume we could write a 
similar thing for linux too.

What do you think? (And does anyone know a better way (TM)?)

The code is still a bit of a prototype, and contains slightly forked versions 
of core Mirage libraries-- I need to sort that out before a 1.0.

Cheers,
Dave

[1] http://openmirage.org/blog/introducing-ocaml-tls
[2] https://github.com/mirage/xentropyd/blob/master/doc/protocol.md
[3] 
https://github.com/djs55/mirage-entropy/blob/981b070d78ae407015b1e8dedb3141b05454366f/xen/entropy_xen.ml#L130
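The two mechanisms the mail describes, a handshake that gates the feed and a rate-limiter on the bytes the daemon hands out, as an added illustration that is not xentropyd's code: the handshake strings, the token-bucket parameters and the in-memory request/reply shape are all constructed for this example (the real protocol is the one in doc/protocol.md, not reproduced here).

```python
import os
import time

# Constructed handshake strings for this example only (not xentropyd's protocol).
HELLO = b"ENTROPY-CLIENT-HELLO\n"
ACK = b"ENTROPY-SERVER-ACK\n"


class TokenBucket:
    """Caps the bytes per second a single guest can pull, so one domain
    cannot drain the host's randomness at will. `now` is injectable so the
    behaviour can be tested with a fake clock."""

    def __init__(self, rate_bytes_per_s, burst, now=time.monotonic):
        self.rate, self.burst, self.now = rate_bytes_per_s, burst, now
        self.tokens, self.last = float(burst), now()

    def take(self, n):
        t = self.now()
        # Refill proportionally to elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        grant = int(min(n, self.tokens))
        self.tokens -= grant
        return grant


def serve_entropy(request, bucket, n_bytes):
    """Daemon side: anything that is not the expected handshake means we are
    talking to the wrong console, so feed nothing. Otherwise reply with an
    ACK followed by as many random bytes as the bucket currently allows."""
    if request != HELLO:
        return None
    granted = bucket.take(n_bytes)
    return ACK + os.urandom(granted)


def client_read_entropy(reply, want):
    """Guest side: only bytes that follow a valid ACK are treated as entropy;
    a missing or malformed reply yields nothing rather than garbage."""
    if reply is None or not reply.startswith(ACK):
        return b""
    return reply[len(ACK):][:want]
```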