Re: [Xen-devel] entropy for VMs
On Sun, 1 Feb 2015, Dave Scott wrote:
> Hi,
>
> Mirage now has nice features like TLS[1] and therefore needs a good source of
> randomness to generate session keys. Mirage VMs are PV, so we can't use
> virtio-rng. We've created a prototype entropy server which may be of interest
> to other people too:
>
> https://github.com/mirage/xentropyd
>
> This behaves a bit like xenconsoled: it watches for domains being created and
> then connects to them via the console protocol. There is a little
> handshake[2] (to catch accidental screwups with the wrong console) and then
> the daemon feeds random data into the console through a rate-limiter.
> Mirage's entropy driver can read the data from the console fairly easily[3].
> I assume we could write a similar thing for linux too.
>
> What do you think? (And does anyone know a better way (TM)?)

I think it would be very useful in Linux too.

> The code is still a bit of a prototype, and contains slightly forked versions
> of core Mirage libraries-- I need to sort that out before a 1.0.
>
> Cheers,
> Dave
>
> [1] http://openmirage.org/blog/introducing-ocaml-tls
> [2] https://github.com/mirage/xentropyd/blob/master/doc/protocol.md
> [3] https://github.com/djs55/mirage-entropy/blob/981b070d78ae407015b1e8dedb3141b05454366f/xen/entropy_xen.ml#L130
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel
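The design described in the quoted message (a handshake first, then random data fed through a rate limiter), as an added example that is not code from xentropyd or from either poster. The handshake strings, the token-bucket parameters and the socketpair standing in for the Xen console are assumptions made for illustration.

```python
import os
import socket

# Constructed handshake strings for illustration only; the real exchange is
# specified in xentropyd's doc/protocol.md and is not reproduced here.
HELLO = b"ENTROPY-SERVER-HELLO\n"
READY = b"ENTROPY-GUEST-READY\n"

class TokenBucket:
    """Byte budget refilled at `rate` bytes/second, capped at `burst`."""
    def __init__(self, rate, burst, now=0.0):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def take(self, want, now):
        # Credit the elapsed time, then grant no more than is available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        grant = min(want, int(self.tokens))
        self.tokens -= grant
        return grant

def read_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf

def feed(sock, bucket, want, now, source=os.urandom):
    """Daemon side: greet, require the expected reply, then send entropy."""
    sock.sendall(HELLO)
    if read_exact(sock, len(READY)) != READY:
        return 0  # not an entropy console: send no random data at all
    n = bucket.take(want, now)
    sock.sendall(source(n))
    return n

def run_once(guest_reply, want=1024):
    """Drive one exchange over a socketpair standing in for the console."""
    daemon, guest = socket.socketpair()
    guest.sendall(guest_reply)  # the reply is queued before the daemon reads
    sent = feed(daemon, TokenBucket(rate=64, burst=128), want, now=0.0)
    daemon.close()  # EOF lets the guest side read everything that was sent
    with guest, guest.makefile("rb") as stream:
        data = stream.read()
    return sent, data
```

A peer that answers with anything other than the expected reply receives only the greeting, and a peer that answers correctly still gets no more than the bucket's burst per request, so one guest cannot pull unbounded random data from the host.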