From Fedora Project Wiki

Revision as of 18:26, 27 May 2013 by Crobinso (talk | contribs) (Mention that F19 host is required)

Description

Attach a paravirtual RNG device to the guest and verify the guest can see it. For more details, see:

https://fedoraproject.org/wiki/Features/Virtio_RNG

Setup

Nothing beyond the initial test day setup (basically a functioning F19+ VM and F19+ host).

How to test

Host /dev/random passthrough

This feeds the guest RNG with data from the host /dev/random entropy pool.

Note: This is just for demonstration purposes. In real deployments this will likely exhaust the host's entropy pool if used with more than 1 virtual machine. This is mostly useful for sanity testing.

  • Stop the VM
  • sudo virsh edit f19
    • Stick this XML in the <devices> section
   <rng model='virtio'>
     <backend model='random'>/dev/random</backend>
   </rng>
    • Save and exit
  • Verify the guest sees the RNG device
    • Start the VM, log in
    • Verify /dev/hwrng exists
    • Verify module is loaded: lsmod | grep virtio_rng

Feeding the guest with EGD

Run EGD (entropy gathering daemon) on your host, and have the guest pull from that.

  • sudo yum install -y egd
  • sudo egd.pl --debug-client --nofork localhost:8000
  • Open port 8000 in your local firewall
  • Stop the VM
  • sudo virsh edit f19
    • Remove the old RNG device if needed
    • Stick this XML in the <devices> section:
 <rng model='virtio'>
   <backend model='egd' type='tcp'>
     <source mode='connect' host='127.0.0.1' service='8000'/>
   </backend>
 </rng>
    • Save and exit
  • Verify the guest sees the RNG device (see the previous test section)
  • Verify from the egd debug output that a client connected
  • Inside the guest, cat /dev/hwrng. The egd.pl debug output should mention entropy requests
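
To check the edited definition before starting the VM, the following added example (not part of the original wiki page) parses the output of `virsh dumpxml f19` and reports the RNG devices it finds. The function names and the sample XML are constructed for illustration, and expecting exactly one device is an assumption based on the "Remove the old RNG device" step.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: both <rng> snippets from this page left in one domain,
# i.e. the old device was not removed before the EGD one was added.
SAMPLE_DOMAIN_XML = """<domain type='kvm'><name>f19</name><devices>
  <rng model='virtio'>
    <backend model='random'>/dev/random</backend>
  </rng>
  <rng model='virtio'>
    <backend model='egd' type='tcp'>
      <source mode='connect' host='127.0.0.1' service='8000'/>
    </backend>
  </rng>
</devices></domain>"""

def rng_devices(domain_xml):
    """Return (model, backend, source) for each <rng> under <devices>."""
    found = []
    for rng in ET.fromstring(domain_xml).findall("./devices/rng"):
        backend = rng.find("backend")
        kind = backend.get("model") if backend is not None else None
        source = None
        if kind == "random":
            source = (backend.text or "").strip()
        elif kind == "egd" and backend.find("source") is not None:
            src = backend.find("source")
            source = "%s:%s" % (src.get("host"), src.get("service"))
        found.append((rng.get("model"), kind, source))
    return found

def review(devices):
    """Return findings to resolve before starting the VM."""
    findings = []
    if len(devices) != 1:
        findings.append("expected exactly one <rng> device, found %d" % len(devices))
    for model, kind, source in devices:
        if model != "virtio":
            findings.append("rng model is %r, not 'virtio'" % model)
        if kind == "random" and source == "/dev/random":
            findings.append("host /dev/random passthrough: demonstration only")
        if kind == "egd" and source is None:
            findings.append("egd backend has no <source> element")
    return findings

if __name__ == "__main__":
    # With piped input, review that; otherwise fall back to the sample above.
    text = SAMPLE_DOMAIN_XML if sys.stdin.isatty() else sys.stdin.read()
    for line in review(rng_devices(text)) or ["rng configuration OK"]:
        print(line)
```

Run it on the host as `sudo virsh dumpxml f19 | python3 check_rng.py`, where `check_rng.py` is a hypothetical file name for the block above.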

Expected Results

No obvious errors occur.