Features/Virtio RNG

From FedoraProject

< Features(Difference between revisions)
Jump to: navigation, search
(Bunch of updates)
(Add link to test day test case)
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= VirtIORNG =
+
= Virtio RNG =
  
 
== Summary ==
 
== Summary ==
Line 12: Line 12:
 
== Current status ==
 
== Current status ==
 
* Targeted release: [[Releases/19 | Fedora 19]]
 
* Targeted release: [[Releases/19 | Fedora 19]]
* Last updated:  
+
* Last updated: 2013-05-22
* Percentage of completion: 50%
+
* Percentage of completion: 100% (confirmed with maintainer, optional part not done for F19)
  
 
== Detailed Description ==
 
== Detailed Description ==
 
The linux kernel collects entropy from various non-deterministic hardware events, like mouse and keyboard input, and network traffic. This entropy is then exposed through /dev/random, commonly used by cryptographic applications that need true randomness to maintain security. However if more entropy is being consumed than is being produced, we have entropy starvation: reading from /dev/random will block, which can cause a denial of service. A common example here is use of /dev/random by SSL in various services.
 
The linux kernel collects entropy from various non-deterministic hardware events, like mouse and keyboard input, and network traffic. This entropy is then exposed through /dev/random, commonly used by cryptographic applications that need true randomness to maintain security. However if more entropy is being consumed than is being produced, we have entropy starvation: reading from /dev/random will block, which can cause a denial of service. A common example here is use of /dev/random by SSL in various services.
  
VirtIO RNG (random number generator) is a paravirtualized device that is exposed as a hardware RNG device to the guest. Virtio RNG just appears as a regular hardware RNG to the guest, which the kernel reads from to fill its entropy pool. This effectively allows a host to entropy into a guest via several means: The default mode uses the host's /dev/random, but a physical HW RNG device or EGD (Entropy Gathering Daemon) can also be used.
+
VirtIO RNG (random number generator) is a paravirtualized device that is exposed as a hardware RNG device to the guest. Virtio RNG just appears as a regular hardware RNG to the guest, which the kernel reads from to fill its entropy pool. This effectively allows a host to inject entropy into a guest via several means: The default mode uses the host's /dev/random, but a physical HW RNG device or EGD (Entropy Gathering Daemon) source can also be used.
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==
Guests will have access to better and faster entropy.
+
Makes Fedora a better platform for hosting server VMs.
  
 
== Scope ==
 
== Scope ==
 
* Virtio RNG driver in kernel (DONE, since 2.6.26)
 
* Virtio RNG driver in kernel (DONE, since 2.6.26)
 
* QEMU Device (DONE, since qemu 1.3)
 
* QEMU Device (DONE, since qemu 1.3)
* Libvirt support (patch posted, not commited yet)
+
* Libvirt support (DONE, in 1.0.3)
 
* Apps (all optional but would be nice if they are done)
 
* Apps (all optional but would be nice if they are done)
 
** virt-install (Not done)
 
** virt-install (Not done)
Line 32: Line 32:
  
 
== How To Test ==
 
== How To Test ==
See http://wiki.qemu.org/Features/VirtIORNG#Testing
+
* [[QA:Testcase_Virtualization_VirtioRNG| Virtio RNG (Random Number Generator)]]
 
+
XXX: copy bits here, proposed libvirt bits
+
  
 
== User Experience ==
 
== User Experience ==
Guests will have access to better and faster entropy.
+
Server VMs will have more options for avoiding entropy starvation.
  
 
== Dependencies ==
 
== Dependencies ==
None
+
None.
  
 
== Contingency Plan ==
 
== Contingency Plan ==
Line 46: Line 44:
  
 
== Documentation ==
 
== Documentation ==
<!-- Is there upstream documentation on this feature, or notes you have written yourself?  Link to that material here so other interested developers can get involved. -->
 
 
 
* [http://wiki.qemu-project.org/Features/VirtIORNG QEMU VirtIO RNG feature page]
 
* [http://wiki.qemu-project.org/Features/VirtIORNG QEMU VirtIO RNG feature page]
 
* [https://lists.gnu.org/archive/html/qemu-devel/2012-05/msg02235.html QEMU patch email from May 2012]
 
* [https://lists.gnu.org/archive/html/qemu-devel/2012-05/msg02235.html QEMU patch email from May 2012]
Line 53: Line 49:
 
* [https://www.redhat.com/archives/libvir-list/2012-December/msg00937.html Libvirt RFC detailing potential future RNG daemon]
 
* [https://www.redhat.com/archives/libvir-list/2012-December/msg00937.html Libvirt RFC detailing potential future RNG daemon]
 
* [http://egd.sourceforge.net/ Entropy gathering daemon (EGD)]
 
* [http://egd.sourceforge.net/ Entropy gathering daemon (EGD)]
 +
* [http://log.amitshah.net/2013/01/about-random-numbers-and-virtual-machines/ Amit's post about virt and RNG]
 +
* [https://lwn.net/Articles/525459/ LWN article about random numbers]
  
 
== Release Notes ==
 
== Release Notes ==
Line 58: Line 56:
  
 
== Comments and Discussion ==
 
== Comments and Discussion ==
None yet.
+
* fedora devel discussion about the feature: https://lists.fedoraproject.org/pipermail/devel/2013-February/177867.html
  
[[Category:FeaturePageIncomplete]]
+
[[Category:FeatureAcceptedF19]]
<!-- When your feature page is completed and ready for review -->
+
[[Category:Virtualization]]
<!-- remove Category:FeaturePageIncomplete and change it to Category:FeatureReadyForWrangler -->
+
<!-- After review, the feature wrangler will move your page to Category:FeatureReadyForFesco... if it still needs more work it will move back to Category:FeaturePageIncomplete-->
+
<!-- A pretty picture of the page category usage is at: https://fedoraproject.org/wiki/Features/Policy/Process -->
+

Latest revision as of 19:29, 23 May 2013

Contents

[edit] Virtio RNG

[edit] Summary

Provide a paravirtual random number generator to virtual machines, to prevent entropy starvation in guests.

[edit] Owner

[edit] Current status

  • Targeted release: Fedora 19
  • Last updated: 2013-05-22
  • Percentage of completion: 100% (confirmed with maintainer, optional part not done for F19)

[edit] Detailed Description

The linux kernel collects entropy from various non-deterministic hardware events, like mouse and keyboard input, and network traffic. This entropy is then exposed through /dev/random, commonly used by cryptographic applications that need true randomness to maintain security. However if more entropy is being consumed than is being produced, we have entropy starvation: reading from /dev/random will block, which can cause a denial of service. A common example here is use of /dev/random by SSL in various services.

VirtIO RNG (random number generator) is a paravirtualized device that is exposed as a hardware RNG device to the guest. Virtio RNG just appears as a regular hardware RNG to the guest, which the kernel reads from to fill its entropy pool. This effectively allows a host to inject entropy into a guest via several means: The default mode uses the host's /dev/random, but a physical HW RNG device or EGD (Entropy Gathering Daemon) source can also be used.

[edit] Benefit to Fedora

Makes Fedora a better platform for hosting server VMs.

[edit] Scope

  • Virtio RNG driver in kernel (DONE, since 2.6.26)
  • QEMU Device (DONE, since qemu 1.3)
  • Libvirt support (DONE, in 1.0.3)
  • Apps (all optional but would be nice if they are done)
    • virt-install (Not done)
    • virt-manager (Not done)

[edit] How To Test

[edit] User Experience

Server VMs will have more options for avoiding entropy starvation.

[edit] Dependencies

None.

[edit] Contingency Plan

Since this is brand new functionality, if it isn't ready in time, nothing has changed. We just drop this feature page.

[edit] Documentation

[edit] Release Notes

KVM and libvirt now support a paravirtual random number generator device. This can be used to prevent entropy starvation in virtual machines.

[edit] Comments and Discussion