forward randomness from /dev/random to VMs in Qubes

Information

ID: 31
PHID: PHID-TASK-tetamvbpphxryc3gsxom
Author: Patrick
Status at Migration Time: open
Priority at Migration Time: Normal

Description

Talked to Joanna at C1C3.

Qubes does not forward real randomness from /dev/random to VMs yet. They have no plans to add this feature yet.

Although Qubes installs haveged by default, it’s not clear if that is random enough. Randomness is a very difficult topic. Difficult to get down the rabbit hole. It’s better to bootstrap haveged with strong entropy and to have multiple sources of randomness.

In comparison, for KVM there is VirtIO RNG.

VirtIO RNG is a paravirtualized device that is exposed as a hardware RNG device to the guest.

And I don’t think they implemented this because they were bored. I think in this case it’s better to be safe than sorry.

She said one could implement this using qrexec and that they would merge a patch implementing this.

See also:

• Improve entropy collection in VMs · Issue #673 · QubesOS/qubes-issues · GitHub
• Improve entropy collection in VMs · Issue #673 · QubesOS/qubes-issues · GitHub

General info on randomness:

• Entropy, Randomness, /dev/random vs /dev/urandom, Entropy Sources, Entropy Gathering Daemons, RDRAND

Forum Discussion:

• Whonix Forum

Comments