|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [MirageOS-devel] entropy for VMs
Hi, Mirage now has nice features like TLS[1] and therefore needs a good source of randomness to generate session keys. Mirage VMs are PV, so we canât use virtio-rng. We've created a prototype entropy server which may be of interest to other people too: https://github.com/mirage/xentropyd This behaves a bit like xenconsoled: it watches for domains being created and then connects to them via the console protocol. There is a little handshake[2] (to catch accidental screwups with the wrong console) and then the daemon feeds random data into the console through a rate-limiter. Mirageâs entropy driver can read the data from the console fairly easily[3]. I assume we could write a similar thing for linux too. What do you think? (And does anyone know a better way (TM)?) The code is still a bit of a prototype, and contains slightly forked versions of core Mirage libraries-- I need to sort that out before a 1.0. Cheers, Dave [1] http://openmirage.org/blog/introducing-ocaml-tls [2] https://github.com/mirage/xentropyd/blob/master/doc/protocol.md [3] https://github.com/djs55/mirage-entropy/blob/981b070d78ae407015b1e8dedb3141b05454366f/xen/entropy_xen.ml#L130 _______________________________________________ MirageOS-devel mailing list MirageOS-devel@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |