Re: [MirageOS-devel] [Xen-devel] entropy for VMs

On Mon, 2015-02-02 at 17:40 +0000, Stefano Stabellini wrote:
> On Sun, 1 Feb 2015, Dave Scott wrote:
> > Hi,
> >
> > Mirage now has nice features like TLS[1] and therefore needs a good source
> > of randomness to generate session keys. Mirage VMs are PV, so we can't use
> > virtio-rng. We've created a prototype entropy server which may be of
> > interest to other people too:
> >
> > https://github.com/mirage/xentropyd
> >
> > This behaves a bit like xenconsoled: it watches for domains being created
> > and then connects to them via the console protocol. There is a little
> > handshake[2] (to catch accidental screwups with the wrong console) and then
> > the daemon feeds random data into the console through a rate-limiter.
> > Mirage's entropy driver can read the data from the console fairly
> > easily[3]. I assume we could write a similar thing for linux too.
> >
> > What do you think? (And does anyone know a better way (TM)?)
>
> I think it would be very useful in Linux too.

I agree. Other than virtio-rng (which as Dave notes isn't available for PV) I don't know of any other solution, let alone a better one.

I don't know what the virtio-rng protocol looks like, but AIUI it's based on either virtio-serial or virtio-channels -- as such I wonder if there is scope for at least using a common protocol (i.e. the handshake bit) over the two transports. That might then allow a common rngd in the guest to consume the channel and feed it to /dev/random?

Ian.

> >
> > The code is still a bit of a prototype, and contains slightly forked
> > versions of core Mirage libraries-- I need to sort that out before a 1.0.
> >
> > Cheers,
> > Dave
> >
> > [1] http://openmirage.org/blog/introducing-ocaml-tls
> > [2] https://github.com/mirage/xentropyd/blob/master/doc/protocol.md
> > [3] https://github.com/djs55/mirage-entropy/blob/981b070d78ae407015b1e8dedb3141b05454366f/xen/entropy_xen.ml#L130
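The handshake-then-rate-limited feed that Dave describes above, modelled as an added Python example (this is not xentropyd's code; the handshake string, the byte budget and the SHA-256 pool mixing are assumptions for illustration, since the real wire format lives in the linked protocol.md). The guest side refuses to treat a console as an entropy source until the handshake matches, and the host side stops writing once its token bucket is empty.

```python
import hashlib
import os
import time

# Assumed handshake line; xentropyd's real one is defined in its protocol.md.
HANDSHAKE = b"ENTROPY-CONSOLE-v0\n"


class TokenBucket:
    """Token-bucket limiter: at most `rate` bytes/second, bursting to `burst`."""
    def __init__(self, rate, burst, now=time.monotonic):
        self.rate, self.burst, self.now = rate, burst, now
        self.tokens, self.last = float(burst), now()

    def take(self, n):
        t = self.now()
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens < n:
            return False          # budget exhausted: caller must wait
        self.tokens -= n
        return True


def daemon_feed(bucket, chunk, source=os.urandom):
    """Host side: next chunk to write to the guest console, or b'' if rate-limited."""
    return source(chunk) if bucket.take(chunk) else b""


class GuestEntropyDriver:
    """Guest side: buffers until the handshake is complete, then mixes bytes into a pool."""
    def __init__(self):
        self.buf, self.ready, self.mixed = b"", False, 0
        self.pool = hashlib.sha256()

    def on_console_data(self, data):
        """Returns the number of bytes mixed; raises if this is not an entropy console."""
        if not self.ready:
            self.buf += data
            # Any divergence from the expected prefix means we attached to the wrong console.
            if not HANDSHAKE.startswith(self.buf[:len(HANDSHAKE)]):
                raise ValueError("handshake mismatch: refusing this console as an entropy source")
            if len(self.buf) < len(HANDSHAKE):
                return 0          # handshake still incomplete
            data, self.buf, self.ready = self.buf[len(HANDSHAKE):], b"", True
        self.pool.update(data)
        self.mixed += len(data)
        return len(data)
```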