On 08/11/2014 11:49 AM, Amit Shah wrote:
> The khwrngd thread is started when a hwrng device of sufficient
> quality is registered. The virtio-rng device is backed by the
> hypervisor, and we trust the hypervisor to provide real entropy. A
> malicious hypervisor is a scenario that's ruled out, so we are certain
> the quality of randomness we receive is perfectly trustworthy. Hence,
> we use 100% for the factor, indicating maximum confidence in the source.
>
> Signed-off-by: Amit Shah <amit.s...@redhat.com>
It isn't "ruled out", it is just irrelevant: if the hypervisor is
malicious, the quality of your random number source is the least of your
problems.
-hpa
--
To unsubscribe from this list: send the line "unsubscribe kvm" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
