On 10/28/2012 11:23 PM, Amit Shah wrote:
> One solution could be to feed host's /dev/urandom to readers of
> guests' /dev/urandom. We could then pass the rare true entropy bits
> from host's /dev/hwrng or /dev/random to the guest via
> virtio-rng-pci's /dev/hwrng interface in the guest.
>
> If this is a valid idea (host /dev/urandom goes directly to guest's
> /dev/urandom), we would need some guest-side surgery, but it shouldn't
> be huge work, and would remove several bottlenecks.
>
> Is this a very crazy idea?
It's not crazy, it's just pointless. You're doing a completely
unnecessary hypercall to run the PRNG in host space.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
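The design discussed above only pays off if the guest is actually pulling true entropy through virtio-rng's /dev/hwrng interface; the following is an added check (not code from the thread or from virtio-rng) that a guest administrator can run to see which hwrng backend the guest kernel has selected. It assumes the standard sysfs/procfs layout; the sysroot/procroot parameters exist only so it can be exercised against a constructed tree.

```shell
#!/bin/sh
# Added example: report whether a guest sources host entropy via virtio-rng.
#
# guest_rng_status [SYSROOT] [PROCROOT]
#   Reads SYSROOT/class/misc/hw_random/{rng_current,rng_available} and
#   PROCROOT/sys/kernel/random/entropy_avail (defaults: /sys and /proc).
#   Prints a one-line verdict and returns:
#     0  virtio-rng is the active /dev/hwrng backend
#     1  a hwrng device exists but virtio-rng is not the selected backend
#     2  no hwrng device at all (guest has no host entropy feed)
guest_rng_status() {
    sysroot=${1:-/sys}
    procroot=${2:-/proc}
    hwrng="$sysroot/class/misc/hw_random"

    if [ ! -r "$hwrng/rng_current" ]; then
        echo "no /dev/hwrng backend exposed: guest has no host entropy feed"
        return 2
    fi

    current=$(cat "$hwrng/rng_current")
    available=$(cat "$hwrng/rng_available" 2>/dev/null)
    # entropy_avail is the guest's own /dev/random pool estimate (bits);
    # printed only for context, it says nothing about the hwrng feed.
    entropy=$(cat "$procroot/sys/kernel/random/entropy_avail" 2>/dev/null \
              || echo unknown)

    case "$current" in
        *virtio*)
            echo "virtio-rng active ($current); available: [$available];" \
                 "entropy_avail=$entropy"
            return 0 ;;
        none|"")
            echo "hwrng present but no backend selected; available:" \
                 "[$available]; entropy_avail=$entropy"
            return 1 ;;
        *)
            echo "hwrng backend is $current, not virtio-rng; available:" \
                 "[$available]; entropy_avail=$entropy"
            return 1 ;;
    esac
}
```

Source the file and call `guest_rng_status` with no arguments on a live guest; a return of 1 or 2 means the guest is relying solely on its own /dev/urandom pool.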