
Re: [Xen-devel] Hardware Random Number Generator (RNG) access from Xen VMs, providing more entropy to guests



On 23/10/16 21:48, Pasi Kärkkäinen wrote:
> Has anyone thought of writing a Xen RNG (PV) driver?
> 
> Afaik currently there's no access to hardware accelerated RNGs from Xen VMs, 
> so for example SSL/TLS operations can result in low entropy and blocking 
> /dev/random in Xen VMs, resulting in poor performance of applications. 
> Running the same applications on baremetal Linux results in much better
> performance because baremetal Linux can access the hardware RNG directly, and
> thus gets much more entropy.
> 
> Qemu/KVM provides a virtio-rng driver. I wonder if that'd work easily with Xen
> as well? I guess I should try.
> 
> virtio-rng backend is available in Qemu 1.3+:
> - http://wiki.qemu-project.org/Features/VirtIORNG
> - https://fedoraproject.org/wiki/Features/Virtio_RNG
> 
> And virtio-rng driver is included in upstream Linux kernel since 2.6.26.

I think a lot of people have thought about it, but with the advent of
rdrand and rdseed (IvyBridge and Skylake respectively, not sure about
AMD) there's not been the incentive.

jch

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

