> Date: Tue, 30 Mar 2021 23:53:43 +0200
> From: Manuel Bouyer <[email protected]>
> 
> On Tue, Mar 30, 2021 at 02:40:18PM -0700, Greg A. Woods wrote:
> > [...]
> > 
> > Perhaps the answer is that nothing seems to be contributing anything to
> > the entropy pool.  No matter what device I exercise, none of the numbers
> > in the following changes:
> 
> yes, it's been this way since the rnd rototill. Virtual devices are
> not trusted.
> 
> The only way is to manually seed the pool.

This is false.  The virtual RNG drivers (viornd(4) [1], rump
hyperentropy [2], maybe others) all assume the VM host provides
samples with full entropy.  This has always been the case, and this
didn't change at all in the rototill last year.

There are no virtual RNG devices on the system in question, according
to the quoted `rndctl -l' output.  Perhaps the VM host needs to be
taught to expose a virtio-rng device to the guest?


[1] https://nxr.netbsd.org/xref/src/sys/dev/pci/viornd.c#245
[2] https://nxr.netbsd.org/xref/src/sys/rump/librump/rumpkern/hyperentropy.c#57


P.S.  Further discussion about Python, getrandom, and system
integration:
https://mail-index.netbsd.org/tech-userlevel/2021/01/11/msg012807.html
