Difference between revisions of "VirtEntropyProvision"
| Line 1: | Line 1: | ||
__NOTOC__ | __NOTOC__ | ||
= Virtual Machine Entropy Provision = | = Virtual Machine Entropy Provision = | ||
| − | + | In a bare metal system, an operating system kernel has a number of sources for collecting seed data for their entropy pools eg disks, NICs, mouse movement, interrupts, and more. Most, if not all, of these sources are unavailable to virtual machines, either because they lack the hardware entirely (eg headless with no mouse), or the hardware does not provide satisfactory entropy (virtualized NICs/disk). The result is that virtual machines often have difficulty providing enough entropy to processes they run, especially crypto functions which require entropy from /dev/random rather than /dev/urandom. | |
| − | In a bare metal system, an operating system kernel has a number of sources for collecting seed data for their entropy pools eg disks, NICs, mouse movement, interrupts, and more. Most, if not all, of these sources are unavailable to virtual machines, either because they lack the hardware entirely (eg headless with no mouse), or the hardware does not provide satisfactory entropy (virtualized NICs/disk). The result is that virtual machines often have difficulty providing enough entropy to processes they run, especially crypto functions which require entropy from /dev/random rather than /dev/urandom. | ||
The goal of this document is to examine how [[OpenStack]] Nova can provide further data to guest operating systems that is suitable for seeding their random entropy pool. | The goal of this document is to examine how [[OpenStack]] Nova can provide further data to guest operating systems that is suitable for seeding their random entropy pool. | ||
== Sources of entropy == | == Sources of entropy == | ||
| − | |||
Beyond the traditional schemes a Linux kernel uses, there are a number of possible sources of entropy | Beyond the traditional schemes a Linux kernel uses, there are a number of possible sources of entropy | ||
=== CPU RNGs === | === CPU RNGs === | ||
| − | |||
With the [[IvyBridge]] line of processors, Intel introduced an on-chip random number generator, accessible via a new RDRAND instruction | With the [[IvyBridge]] line of processors, Intel introduced an on-chip random number generator, accessible via a new RDRAND instruction | ||
| − | + | * http://en.wikipedia.org/wiki/RdRand | |
The Linux kernel is able to use this instruction to feed its /dev/urandom pool, but will not use it for /dev/random. | The Linux kernel is able to use this instruction to feed its /dev/urandom pool, but will not use it for /dev/random. | ||
The rng-utils package contains the rngd daemon which is also able to make use of this instruction, and after cryptographically validating the quality random numbers, will populate the kernels random pool, making entropy available via /dev/random. | The rng-utils package contains the rngd daemon which is also able to make use of this instruction, and after cryptographically validating the quality random numbers, will populate the kernels random pool, making entropy available via /dev/random. | ||
| + | |||
| + | * http://linux.die.net/man/8/rngd | ||
The RDRAND instruction is capable of providing as much as 800 GBytes/second of random data. | The RDRAND instruction is capable of providing as much as 800 GBytes/second of random data. | ||
=== TPM RNGs === | === TPM RNGs === | ||
| − | |||
Trusted Platform Module chips, which are common on many hardware platforms, typically provide an hardware random number generator. On Linux these can be accessed via /dev/tpm device nodes. | Trusted Platform Module chips, which are common on many hardware platforms, typically provide an hardware random number generator. On Linux these can be accessed via /dev/tpm device nodes. | ||
| Line 31: | Line 29: | ||
=== Dedicated Hardware RNG devices === | === Dedicated Hardware RNG devices === | ||
| − | |||
There exist various options for external / addon hardware RNG generators. For example, the [[EntropyKey]] is a low cost USB based hardware RNG | There exist various options for external / addon hardware RNG generators. For example, the [[EntropyKey]] is a low cost USB based hardware RNG | ||
| − | + | * http://www.entropykey.co.uk/ | |
It comes with software that will feed the random numbers into the kernel's random pool making entropy available via /dev/random | It comes with software that will feed the random numbers into the kernel's random pool making entropy available via /dev/random | ||
=== Software entropy gathering === | === Software entropy gathering === | ||
| + | It is possible to provide userspace software packages which gather further entropy based on activity in the OS and feed it into the kernel's random pool. One example is EGD: | ||
| + | |||
| + | * http://egd.sourceforge.net/ | ||
| + | |||
| + | The protocol defined by EGD is also implemented by a number of other programs, for compatibility. eg ssh, gpg, qemu. | ||
| + | |||
| + | Another software solution is CSRNG | ||
| − | + | * http://code.google.com/p/csrng/ | |
| − | + | == Providing entropy to guests == | |
Revision as of 15:28, 19 December 2012
Virtual Machine Entropy Provision
In a bare metal system, an operating system kernel has a number of sources for collecting seed data for their entropy pools eg disks, NICs, mouse movement, interrupts, and more. Most, if not all, of these sources are unavailable to virtual machines, either because they lack the hardware entirely (eg headless with no mouse), or the hardware does not provide satisfactory entropy (virtualized NICs/disk). The result is that virtual machines often have difficulty providing enough entropy to processes they run, especially crypto functions which require entropy from /dev/random rather than /dev/urandom.
The goal of this document is to examine how OpenStack Nova can provide further data to guest operating systems that is suitable for seeding their random entropy pool.
Sources of entropy
Beyond the traditional schemes a Linux kernel uses, there are a number of possible sources of entropy
CPU RNGs
With the IvyBridge line of processors, Intel introduced an on-chip random number generator, accessible via a new RDRAND instruction
The Linux kernel is able to use this instruction to feed its /dev/urandom pool, but will not use it for /dev/random.
The rng-utils package contains the rngd daemon which is also able to make use of this instruction, and after cryptographically validating the quality random numbers, will populate the kernels random pool, making entropy available via /dev/random.
The RDRAND instruction is capable of providing as much as 800 GBytes/second of random data.
TPM RNGs
Trusted Platform Module chips, which are common on many hardware platforms, typically provide an hardware random number generator. On Linux these can be accessed via /dev/tpm device nodes.
The rng-utils package rngd daemon can again obtain data from the TPM RNGs to re-populate the kernel's random pool, making entropy available via /dev/random
Data rates available vary according to the precise hardware in use, so no clear figures are available
Dedicated Hardware RNG devices
There exist various options for external / addon hardware RNG generators. For example, the EntropyKey is a low cost USB based hardware RNG
It comes with software that will feed the random numbers into the kernel's random pool making entropy available via /dev/random
Software entropy gathering
It is possible to provide userspace software packages which gather further entropy based on activity in the OS and feed it into the kernel's random pool. One example is EGD:
The protocol defined by EGD is also implemented by a number of other programs, for compatibility. eg ssh, gpg, qemu.
Another software solution is CSRNG
