On Sun, 27 Jan 2013, Damien Miller wrote:
On Fri, 25 Jan 2013, Stefan Fritsch wrote:
Hi,
qemu 1.3 has added a virtio entropy device. Here is a driver for it.
Comments?
OKs?
As the entropy reserve of the host may not be unlimited, the OpenBSD guest
should only ask for entropy when it actually needs it. Would it make sense to
add an API that allows a driver to determine how full the entropy queue is?
This could also be used by some hardware drivers to avoid polling for entropy
if not necessary. E.g. amdpm does the polling in every timer tick, which is
wasteful.
I don't think such an API is necessary.
For this particular case, I agree with Kettenis that if qemu allows exhaustion
of the hypervisor's PRNG using this call then the bug lies with qemu.
Qemu can do rate limiting, so it can prevent the host's entropy from being
drained. But then guests that actually have need of lots of good entropy
won't be able to get it.
That being said, if you want to avoid this bug then reading a largeish
seed once at system boot and stirring it into the PRNG would be sufficient
to ensure the PRNG pool is unpredictable to an adversary who tries to guess
its state.
That's more or less what the driver I posted does. But with the API to
query the random queue's state it could do better than that.
