Features/Virtio RNG

From FedoraProject

(confirmed with maintainer, optional part not done for F19)
(Add link to test day test case)
 
Line 32: Line 32:
  
 
== How To Test ==
 
== How To Test ==
TBD
+
* [[QA:Testcase_Virtualization_VirtioRNG| Virtio RNG (Random Number Generator)]]
 
+
XXX: Manual qemu bits at http://wiki.qemu.org/Features/VirtIORNG#Testing
+
 
+
XXX: Libvirt instructions based on posted patches
+
  
 
== User Experience ==
 
== User Experience ==

Latest revision as of 19:29, 23 May 2013

Virtio RNG

Summary

Provide a paravirtual random number generator to virtual machines, to prevent entropy starvation in guests.

Owner

Current status

  • Targeted release: Fedora 19
  • Last updated: 2013-05-22
  • Percentage of completion: 100% (confirmed with maintainer, optional part not done for F19)

Detailed Description

The Linux kernel collects entropy from various non-deterministic hardware events, such as mouse and keyboard input and network traffic. This entropy is then exposed through /dev/random, which is commonly used by cryptographic applications that need true randomness to maintain security. However, if more entropy is being consumed than is being produced, the result is entropy starvation: reads from /dev/random block, which can cause a denial of service. A common example is the use of /dev/random by SSL in various services.

VirtIO RNG (random number generator) is a paravirtualized device that is exposed to the guest as a regular hardware RNG device, which the guest kernel reads from to fill its entropy pool. This effectively allows a host to inject entropy into a guest from several sources: the default mode uses the host's /dev/random, but a physical hardware RNG device or an EGD (Entropy Gathering Daemon) source can also be used.
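
A guest-side check for the behaviour described above, added here as an example and not part of the Fedora feature page: it reads the kernel's hw_random sysfs entries to confirm that a virtio RNG is present and is the source the kernel is actually using. The function names, the optional root-directory argument and the sample tree are assumptions of this example, as is the `virtio*` match, which is meant to cover the device names `virtio` and `virtio_rng.N`.

```shell
#!/bin/sh
# Report whether a virtio RNG is available AND selected as the kernel's
# current hardware RNG. $1 is an optional root prefix (hypothetical, for
# running against a constructed tree); leave it empty on a real guest.
virtio_rng_status() {
    root="${1:-}"
    hw="$root/sys/class/misc/hw_random"
    pool="$root/proc/sys/kernel/random/entropy_avail"

    # Without the hw_random core there is no hardware RNG interface at all.
    if [ ! -r "$hw/rng_available" ]; then
        echo "no-hwrng-core"; return 2
    fi
    available=$(cat "$hw/rng_available")
    current=$(cat "$hw/rng_current" 2>/dev/null)

    # rng_available is a space-separated list of registered devices.
    found=""
    for dev in $available; do
        case "$dev" in virtio*) found="$dev" ;; esac
    done
    [ -n "$found" ] || { echo "virtio-rng-absent"; return 1; }

    # A device can be registered but not selected, e.g. when another
    # hardware RNG in the guest was chosen instead.
    case "$current" in
        virtio*) ;;
        *) echo "virtio-rng-not-selected current=$current"; return 1 ;;
    esac
    echo "ok device=$current entropy_avail=$(cat "$pool" 2>/dev/null)"
}

# Constructed sample tree standing in for a guest's /sys and /proc.
# $1 = contents of rng_available, $2 = contents of rng_current.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/sys/class/misc/hw_random" "$d/proc/sys/kernel/random"
    echo "$1" > "$d/sys/class/misc/hw_random/rng_available"
    echo "$2" > "$d/sys/class/misc/hw_random/rng_current"
    echo 3100 > "$d/proc/sys/kernel/random/entropy_avail"
    echo "$d"
}

# Demo on constructed data: one healthy guest, one without the device.
good=$(make_sample_root "virtio_rng.0 tpm-rng-0" "virtio_rng.0")
bad=$(make_sample_root "tpm-rng-0" "tpm-rng-0")
virtio_rng_status "$good"
virtio_rng_status "$bad" || true
rm -rf "$good" "$bad"
```

On a real guest, call `virtio_rng_status` with no argument; a non-zero exit status means the guest is not drawing on the host-provided source.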

Benefit to Fedora

Makes Fedora a better platform for hosting server VMs.

Scope

  • Virtio RNG driver in kernel (DONE, since 2.6.26)
  • QEMU Device (DONE, since qemu 1.3)
  • Libvirt support (DONE, in 1.0.3)
  • Apps (all optional but would be nice if they are done)
    • virt-install (Not done)
    • virt-manager (Not done)

How To Test

User Experience

Server VMs will have more options for avoiding entropy starvation.

Dependencies

None.

Contingency Plan

Since this is brand new functionality, if it isn't ready in time, nothing has changed. We just drop this feature page.

Documentation

Release Notes

KVM and libvirt now support a paravirtual random number generator device. This can be used to prevent entropy starvation in virtual machines.

Comments and Discussion