vm/guest: Drop obsoleted entropy-related daemons #68

Open
wants to merge 4 commits into
base: master

@nbraud nbraud commented Feb 5, 2020

  • vm/guest: uninstall rngd: unnecessary for virtio-rng since kernel 3.17, which introduced khwrngd:
    a kernel thread which provides the same functionality, but is integrated in the kernel, and started by default by the hwrng driver as soon as the device is initialized.

  • haveged unnecessary on virtual machines, which get their entropy from the host via virtio-rng:

    • vm/guest uninstall haveged;
    • base and vm/host install haveged on physical machines;
  • added a fix to vm/guest so it could be tested in check mode.

khwrngd provides the same functionality as rngd here, but is integrated in the
kernel, and started by default by the hwrng driver as soon as the device is
initialized.

It was added in Linux 3.17 by the following commit:

commit be4000bc4644d027c519b6361f5ae3bbfc52c347
Author: Torsten Duwe <[email protected]>
Date:   Sat Jun 14 23:46:03 2014 -0400

    hwrng: create filler thread

    This can be viewed as the in-kernel equivalent of hwrngd;
    like FUSE it is a good thing to have a mechanism in user land,
    but for some reasons (simplicity, secrecy, integrity, speed)
    it may be better to have it in kernel space.

    This patch creates a thread once a hwrng registers, and uses
    the previously established add_hwgenerator_randomness() to feed
    its data to the input pool as long as needed. A derating factor
    is used to bias the entropy estimation and to disable this
    mechanism entirely when set to zero.

@nbraud nbraud requested a review from equinox0815 February 5, 2020 16:23

There are no benefits to having it on the guest, since we use virtio-rng
to provide entropy from the host.

vm_guest_force_haveged is added to support overriding that, in the special
case of vex (which doesn't seem to use virtio-rng, probably because its
kernel is too ancient)

@nbraud nbraud changed the title Drop use of rngd on recent-ish kernels vm/guest: Drop obsoleted entropy-related daemons Feb 6, 2020

Doing otherwise would conflict with vm/guest.

Installing it only in vm/host is insufficient: we have physical machines that
aren't used as hypervisors, such as wuerfel.
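
A guest-side check for the condition the first commit relies on (kernel 3.17 or later with virtio-rng as the active hwrng), as an added example that is not part of this pull request. The sysfs path and the `virtio_rng.N` device naming are assumptions about a standard Linux guest, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the pull request): decide whether userspace rngd
# is redundant on a guest, i.e. the in-kernel hwrng filler thread can feed
# the pool from virtio-rng on its own.
# Assumption: standard hw_random sysfs interface at the path below.
HWRNG_SYSFS=${HWRNG_SYSFS:-/sys/class/misc/hw_random}

# kernel_has_filler_thread RELEASE
# Returns 0 if RELEASE (uname -r style, e.g. 5.10.0-8-amd64) is >= 3.17,
# 1 if older, 2 if the string cannot be parsed.
kernel_has_filler_thread() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}          # digits up to the next separator
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in '') return 2 ;; esac
    [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 17 ]; }
}

# rngd_verdict RELEASE RNG_CURRENT
# Prints one word and returns 0 only when rngd can be uninstalled:
#   redundant   virtio-rng is active and the kernel has the filler thread
#   needed      virtio-rng is active but the kernel predates 3.17
#   not-virtio  some other hwrng is selected; out of scope for this check
#   no-hwrng    no hwrng device at all (the old-kernel guest case)
rngd_verdict() {
    release=$1 current=$2
    case "$current" in
        virtio_rng*) ;;
        ''|none) echo "no-hwrng"; return 1 ;;
        *) echo "not-virtio"; return 1 ;;
    esac
    if kernel_has_filler_thread "$release"; then
        echo "redundant"
    else
        echo "needed"; return 1
    fi
}

# check_live: evaluate the running system.
check_live() {
    current=$(cat "$HWRNG_SYSFS/rng_current" 2>/dev/null) || current=
    rngd_verdict "$(uname -r)" "$current"
}

# Run as `sh script.sh --live` on a guest to get the verdict for that host.
case "${1:-}" in --live) check_live ;; esac
```

A `no-hwrng` or `needed` verdict corresponds to the case the second commit handles with `vm_guest_force_haveged`.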