[systemd-devel] Delaying (SSH) key generation until the urandom pool is initialized

Lennart Poettering lennart at poettering.net
Mon May 5 07:35:37 PDT 2014


On Wed, 30.04.14 17:06, Florian Weimer (fweimer at redhat.com) wrote:

> 
> On 04/30/2014 02:28 PM, Daniel P. Berrange wrote:
> 
> >>Interesting suggestion.  I just used virt-manager to create the VM.
> >>I don't see any trace for "rng" or "random" in the domain XML file.
> >>If it is supported, I think it should be enabled by default.
> >
> >I'm told that it isn't turned on by default, but you can add it to
> >a VM post-install. Since it feeds VMs from the host's /dev/random
> >or /dev/hwrng, there was a question mark as to whether it was right
> >to enable it by default or not, and if so what kind of rate limiting
> >might be wanted by default.
> 
> Ah, so it builds down to our distrust of hardware RNGs?  How
> annoying. We should be able to trust Fedora-on-Fedora (or
> Debian-on-Debian or whatever) scenarios.  But I get that in the
> general case, it's impossible to know what's on the other side of
> the virtio_rng side, so reservations remain.

Hmm? Well, a virtualized OS has to trust the hypervisor, there's no way
around that. The hypervisor can do whatever it wants, and introspect,
change, fuck with any virtualized code, so not trusting the virtio-rng
sounds really weird, because there's no reason to trust it any more or
less than trusting the entire CPU...

Lennart

-- 
Lennart Poettering, Red Hat

