NetBSD-Bugs archive
Re: port-xen/40739: no entropy device sources on 5.0_RC2 XEN3PAE_DOMU
The following reply was made to PR port-xen/40739; it has been noted by GNATS.
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
To: Christoph Badura <bad%bsd.de@localhost>
Cc: gnats-bugs%netbsd.org@localhost
Subject: Re: port-xen/40739: no entropy device sources on 5.0_RC2 XEN3PAE_DOMU
Date: Thu, 26 Feb 2009 20:20:06 +0100
On Thu, Feb 26, 2009 at 12:45:23PM +0100, Christoph Badura wrote:
> On Tue, Feb 24, 2009 at 07:56:41PM +0100, Manuel Bouyer wrote:
> > the problem in the case of a Xen domU is that there's no good source
> > of entropy. On native systems we use the hard disk as a source
> > of entropy; but on a domU it's disabled because other domUs could
> > interfere with it.
>
> Entropy collection from xbd isn't disabled in Xen2 domUs.
That's a mistake.
> I'm not sure I
> buy the assertion that other domUs could interfere with the entropy
> collection.
I'm not a crypto expert, but another domU can cause predictable delays in
disk I/O and I suspect this is bad for entropy.
> And if they did, wouldn't that then be true for xennet, too?
It is, not only for xennet but for any interface on a shared network.
That's why entropy collection on network interfaces is disabled by default.
>
> What is the actual way to interfere with entropy collection, BTW?
AFAIK entropy collection on peripherals is based on delays. Anything that
can cause or add predictable delays to I/O can interfere.
>
> > rndctl should show xennets as a possible source of entropy, but it has
> > to be enabled manually.
>
> I guess we should enable that by default then. Probably not only for domU,
> as diskless machines need an entropy source, too.
Security experts need to be consulted on this.
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 years of experience will always make the difference