On 03/01/2013 02:37 PM, H. Peter Anvin wrote:
On 02/28/2013 04:36 PM, Eric Blake wrote:
Stefan Berger and I discovered on IRC that virtio-rng is unable to
support fd passing.  We attempted:

qemu-system-x86_64 ... -add-fd
set=4,fd=34,opaque=RDONLY:/dev/urandom
                             ^^^^^^^^^^^^
-object rng-random,id=rng0,filename=/dev/fdset/4 -device
virtio-rng-pci,rng=rng0,bus=pci.0,addr=0x6

Unrelated, but you really, really, really don't want to pass
/dev/urandom there, use /dev/random.

From what I am reading about /dev/random, it will start blocking once not enough entropy is available anymore. Sounds like this could be abused if multiple VMs were using this device and one drains the entropy. An alternative may be to go through a crypto library that seeds itself with entropy and implements random number generators following NIST 800-90, for example. Freebl would offer at least one such implementation:

http://dxr.mozilla.org/mozilla-central/security/nss/lib/freebl/drbg.c.html - search for 'NIST' there

    Stefan
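
An added example, not part of the original thread and not Freebl's or QEMU's code: an HMAC_DRBG (SHA-256) in the style of NIST SP 800-90A that seeds from an entropy source once and counts the bytes it draws from it, which is the property that keeps one consumer from draining a blocking pool. The class name `HmacDrbg`, its parameters and the default reseed interval are assumptions for this example.

```python
import hashlib
import hmac
import os


class HmacDrbg:
    """HMAC_DRBG (SHA-256) per NIST SP 800-90A, no prediction resistance."""

    OUTLEN = 32            # SHA-256 output size in bytes
    MAX_REQUEST = 1 << 16  # SP 800-90A limit: 2**19 bits per generate call

    def __init__(self, entropy_source=os.urandom, reseed_interval=1 << 20,
                 personalization=b""):
        self._entropy = entropy_source   # assumed: callable(n) -> n bytes
        self._interval = reseed_interval
        self.entropy_drawn = 0           # bytes taken from the underlying source
        self._k = b"\x00" * self.OUTLEN
        self._v = b"\x01" * self.OUTLEN
        # Seed material: 256-bit entropy input plus 128-bit nonce, drawn together.
        self._update(self._draw(48) + personalization)
        self._counter = 1

    def _draw(self, n):
        self.entropy_drawn += n
        return self._entropy(n)

    def _mac(self, data):
        return hmac.new(self._k, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        # HMAC_DRBG_Update: second round only runs when data is supplied.
        self._k = self._mac(self._v + b"\x00" + data)
        self._v = self._mac(self._v)
        if data:
            self._k = self._mac(self._v + b"\x01" + data)
            self._v = self._mac(self._v)

    def reseed(self):
        self._update(self._draw(32))
        self._counter = 1

    def generate(self, n):
        if n > self.MAX_REQUEST:
            raise ValueError("request exceeds SP 800-90A per-call limit")
        if self._counter > self._interval:
            self.reseed()                # only point where new entropy is consumed
        out = b""
        while len(out) < n:
            self._v = self._mac(self._v)
            out += self._v
        self._update()
        self._counter += 1
        return out[:n]
```

With the defaults, `HmacDrbg().generate(64)` can be called about a million times before the generator asks the entropy source for another 32 bytes.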

