search for: rngd

On 08/07/2014 06:08 AM, Amit Shah wrote: > On KVM guests where the virtio-rng device is available, and set as the > current rng, this udev rule will start rngd which will feed in the > host-provided entropy to /dev/random. > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > --- > 90-virtio-rng.rules | 1 + > 1 file changed, 1 insertion(+) > create mode 100644 90-virtio-rng.rules > > diff --git a/90-virtio-rng.rule...

On 08/07/2014 06:08 AM, Amit Shah wrote: > On KVM guests where the virtio-rng device is available, and set as the > current rng, this udev rule will start rngd which will feed in the > host-provided entropy to /dev/random. > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > --- > 90-virtio-rng.rules | 1 + > 1 file changed, 1 insertion(+) > create mode 100644 90-virtio-rng.rules > > diff --git a/90-virtio-rng.rule...

On (Thu) 07 Aug 2014 [12:31:11], H. Peter Anvin wrote: > On 08/07/2014 06:08 AM, Amit Shah wrote: > > On KVM guests where the virtio-rng device is available, and set as the > > current rng, this udev rule will start rngd which will feed in the > > host-provided entropy to /dev/random. > > > > Signed-off-by: Amit Shah <amit.shah at redhat.com> > > --- > > 90-virtio-rng.rules | 1 + > > 1 file changed, 1 insertion(+) > > create mode 100644 90-virtio-rng.rules > &g...

Hello, I didn't find a mailing list for rng-tools, so CC'ing the kernel lists and the last few committers. The first patch in this series adds a udev rule to start rngd for guests that have a virtio-rng device available. The second patch attempts to add autoconf magic to install the udev rule in the system dirs. However, installing as non-root will obviously fail. Prefixes are also not honoured. I don't know of a better way, and we probably should leave th...

Hello, I didn't find a mailing list for rng-tools, so CC'ing the kernel lists and the last few committers. The first patch in this series adds a udev rule to start rngd for guests that have a virtio-rng device available. The second patch attempts to add autoconf magic to install the udev rule in the system dirs. However, installing as non-root will obviously fail. Prefixes are also not honoured. I don't know of a better way, and we probably should leave th...

I think that in hw_rng machines something like this is good (not via-rng): > #!/bin/bash > # > # chkconfig: 2345 20 80 > # description: Rngd daemon\ > # processname: rngd > # pidfile: /var/run/rngd.pid > # config: /etc/sysconfig/rngd > > # source function library > . /etc/init.d/functions > > RETVAL=0 > > start() { > echo -n $"Starting rngd services: " > modprobe via-...

On KVM guests where the virtio-rng device is available, and set as the current rng, this udev rule will start rngd which will feed in the host-provided entropy to /dev/random. Signed-off-by: Amit Shah <amit.shah at redhat.com> --- 90-virtio-rng.rules | 1 + 1 file changed, 1 insertion(+) create mode 100644 90-virtio-rng.rules diff --git a/90-virtio-rng.rules b/90-virtio-rng.rules new file mode 100644...

On 08/08/2014 02:07 AM, Amit Shah wrote: > > >> To >> some degree the above is obsolete when we get khwrngd widely deployed, >> but that is a new-kernel-only kind of thing. > > Right - I'm wondering if any such changes as propsed here are now > obsolted already by khwrngd? > In this case, yes, khwrngd would be a better solution for current kernels. -hpa

On 08/11/2014 06:30 AM, Torsten Duwe wrote: > On Mon, Aug 11, 2014 at 12:45:27PM +0530, Amit Shah wrote: >> >> What's the suggested value for rng->quality, though, for virtio-rng >> that I can use to ensure the kthread starts? >> >> Should I use the 700 (70%) as proposed in the original patchset? I'm >> not exactly sure how that value will be used

On (Fri) 08 Aug 2014 [14:46:27], H. Peter Anvin wrote: > On 08/08/2014 02:07 AM, Amit Shah wrote: > > > > > >> To > >> some degree the above is obsolete when we get khwrngd widely deployed, > >> but that is a new-kernel-only kind of thing. > > > > Right - I'm wondering if any such changes as propsed here are now > > obsolted already by khwrngd? > > > > In this case, yes, khwrngd would be a better solution for current kerne...

On Mon, Aug 11, 2014 at 12:45:27PM +0530, Amit Shah wrote: > > What's the suggested value for rng->quality, though, for virtio-rng > that I can use to ensure the kthread starts? > > Should I use the 700 (70%) as proposed in the original patchset? I'm > not exactly sure how that value will be used as well.. There is no such thing as a suggested value, every number

On 08/08/2014 02:07 AM, Amit Shah wrote: > > >> To >> some degree the above is obsolete when we get khwrngd widely deployed, >> but that is a new-kernel-only kind of thing. > > Right - I'm wondering if any such changes as propsed here are now > obsolted already by khwrngd? > In this case, yes, khwrngd would be a better solution for current kernels. -hpa

On Mon, Aug 11, 2014 at 12:45:27PM +0530, Amit Shah wrote: > > What's the suggested value for rng->quality, though, for virtio-rng > that I can use to ensure the kthread starts? > > Should I use the 700 (70%) as proposed in the original patchset? I'm > not exactly sure how that value will be used as well.. There is no such thing as a suggested value, every number

...rtio-rng, and it > > might be best just to admit that there's no way to seed the entropy pool > > from the virtio-rng at probe time. After all, once userspace is up, the > > system should take advantage of /dev/hwrng for the generation of > > long-term keys. Either via rngd feeding /dev/random, or directly. > > > > As for the follow-on patch you asked about, I think that's fine. More > > entropy can't hurt. > > > > The below patch might be worth considering so that the user of a system > > with only virtio-rng can kick th...

...rtio-rng, and it > > might be best just to admit that there's no way to seed the entropy pool > > from the virtio-rng at probe time. After all, once userspace is up, the > > system should take advantage of /dev/hwrng for the generation of > > long-term keys. Either via rngd feeding /dev/random, or directly. > > > > As for the follow-on patch you asked about, I think that's fine. More > > entropy can't hurt. > > > > The below patch might be worth considering so that the user of a system > > with only virtio-rng can kick th...

...to the idea of the init function for virtio-rng, and it might be best just to admit that there's no way to seed the entropy pool from the virtio-rng at probe time. After all, once userspace is up, the system should take advantage of /dev/hwrng for the generation of long-term keys. Either via rngd feeding /dev/random, or directly. As for the follow-on patch you asked about, I think that's fine. More entropy can't hurt. The below patch might be worth considering so that the user of a system with only virtio-rng can kick the entropy pool as they see fit. It's probably not too k...

...to the idea of the init function for virtio-rng, and it might be best just to admit that there's no way to seed the entropy pool from the virtio-rng at probe time. After all, once userspace is up, the system should take advantage of /dev/hwrng for the generation of long-term keys. Either via rngd feeding /dev/random, or directly. As for the follow-on patch you asked about, I think that's fine. More entropy can't hurt. The below patch might be worth considering so that the user of a system with only virtio-rng can kick the entropy pool as they see fit. It's probably not too k...

Hello. I'm a distro maintainer and was wondering about the efficacy of entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the authors of haveged [0] pointed out if the hardware cycles counter is emulated and deterministic, and thus predictible. He therefore does not recommend using HAVEGE on those systems. Is this the case with KVM's counters? PS. I will be setting VM CPU

I have a new centos 6 install. Randomly i get out of memory messages and my ssh file transfer dies. I have tried this in filezilla as well as winscp. I have disabled motd in ssh and i also had entropy problems so i enacted rngd -r /dev/urandom -o /dev/random but did not stop the out of memory errors. I am seeing the below in the logs. It only occurs during ssh file transfers. Feb 28 17:18:19 web1 t of memory [13604]

...efore does not > recommend using HAVEGE on those systems. Is this the case with KVM's > counters? > > PS. I will be setting VM CPU settings to host-passthrough. Hardware from circa 2011 onwards has RDRAND support, and with host-passthrough this will be available to the guest. The rngd daemon, running in the guest, can use this as a source to feed the kernel entropy. In addition QEMU has support for virtio-rng which can pull entropy from /dev/urandom on the host, and feed it into the guest, where again rngd can give it to the kernel. So why do you need to consider haveged / jit...