On 6/9/18 12:41 AM, Nicolas Braud-Santoni wrote:
> On Fri, Jun 08, 2018 at 07:37:09PM +0000, Holger Levsen wrote:
>> On Fri, Jun 08, 2018 at 09:27:10PM +0200, Nicolas Braud-Santoni wrote:
>>> On virtual machines, however, the data that the HAVEGE algorithm produces
>>> is not necessarily unpredictable [1]; hence, we shouldn't install haveged
>>> on those environments.
>> interesting, thanks! sadly it doesn't say which virtualisation environments
>> were/are affected.
> IIRC, back then VMware ESXi was the only platform virtualizing the rdtsc
> instruction, but 1) I do not have access to it to test (nor do I want to)
> 2) other virtualization platforms, now or in the future, might do this too.

https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/ZufallinVMS/Randomness-in-VMs.pdf?__blob=publicationFile&v=3
has an interesting discussion of the various problems in VMs, but sadly is
also quiet in a bunch of areas because they could not conclusively deduce
*from documentation* what happens with certain hypervisors. On the other
hand they list a bunch of sources we should probably all try to mix in, on
both real and virtualized hardware.

From a threat model perspective we should not try to defend against an
actively malicious hypervisor. And if people want to very accurately
emulate the hardware so that virtualization is not detectable, they might
not want randomness either / should arrange for it differently if they
need it.

So the question is if we can prevent people from shooting themselves in
the foot and making their life actively worse with this change.

Kind regards
Philipp Kern