On 5/3/19 8:46 AM, Kashyap Chamarthy wrote:
> When QEMU exposes a VirtIO-RNG device to the guest, that device needs a
> source of entropy, and that source needs to be "non-blocking", like
> `/dev/urandom`. However, currently QEMU defaults to the problematic
> `/dev/random`, which is "blocking" (as in, it waits until sufficient
> entropy is available).
>
> So change the entropy source to the recommended `/dev/urandom`.
>
> Related discussion in these[1][2] past threads.
>
> [1] https://lists.nongnu.org/archive/html/qemu-devel/2018-06/msg08335.html
>     -- "RNG: Any reason QEMU doesn't default to `/dev/urandom`?"
> [2] https://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg02724.html
>     -- "[RFC] Virtio RNG: Consider changing the default entropy source to
>     /dev/urandom"
>
> Signed-off-by: Kashyap Chamarthy <kcham...@redhat.com>
> ---
> backends/rng-random.c | 2 +-
> qemu-options.hx | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
I would also like to point out

  https://patchwork.ozlabs.org/project/qemu-devel/list/?series=97063
  "[PATCH v4 00/24] Add qemu_getrandom and ARMv8.5-RNG etc"

Which, if used in more rng backends, would remove direct use of either
/dev/urandom or /dev/random and instead be handled by one of the crypto
libraries against which we link. Which in turn may be implemented by
getrandom(2) instead of the legacy /dev/files.

Which would, I suppose, deprecate the file= option entirely.

r~

PS: I'm not sure what the difference between backends/rng* is supposed to be,
and whether that distinction is relevant.
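
The getrandom(2) path mentioned in the reply above, as an added example that is not part of this thread and is not QEMU code: a buffer fill that prefers the syscall and falls back to reading /dev/urandom. The names fill_random and fill_from_file are hypothetical, and a Linux system with glibc's <sys/random.h> is assumed.

```c
/* Added example: hypothetical helpers, not QEMU code. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/random.h>
#include <sys/types.h>
#include <unistd.h>

/* Fallback: read exactly len bytes from a device file such as
 * /dev/urandom, retrying on EINTR and on short reads. */
static int fill_from_file(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t off = 0;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {               /* read error or unexpected EOF */
            close(fd);
            return -1;
        }
        off += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fill buf with len random bytes; returns 0 on success, -1 on failure.
 * getrandom(2) with flags 0 uses the same source as /dev/urandom and
 * blocks only until the kernel pool has been initialised once after
 * boot. ENOSYS means the kernel lacks the syscall. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;           /* interrupted by a signal: retry */
            if (errno == ENOSYS)
                return fill_from_file("/dev/urandom", buf + off, len - off);
            return -1;
        }
        off += (size_t)n;           /* large requests may return short */
    }
    return 0;
}
```

Unlike a read from /dev/random on kernels of that era, neither path stalls on the entropy estimate once the pool is initialised, and the getrandom(2) path needs no file descriptor or device node.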