port-xen/59980: channel to pass entropy from host dom0 to guest domU

To: port-xen-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: port-xen/59980: channel to pass entropy from host dom0 to guest domU
From: "campbell+netbsd%mumble.net@localhost via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Sun, 8 Feb 2026 04:25:00 +0000 (UTC)

>Number:         59980
>Category:       port-xen
>Synopsis:       channel to pass entropy from host dom0 to guest domU
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-xen-maintainer
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 08 04:25:00 +0000 2026
>Originator:     Taylor R Campbell
>Release:        current, 11, 10, 9, ...
>Organization:
>Environment:
>Description:
On older or lower-end x86 machines without RDRAND/RDSEED, Xen guests need help from the host to get entropy.
>How-To-Repeat:
Boot a fresh domU guest on an older or lower-end x86 machine:

Waiting for entropy...[   2.8807908] entropy: pid 329 (dd) waiting for entropy(7)                                                                               

Whatever the domU kernel is actually using is not confidence-inspiring:
>Fix:
1. Something with xenstore?  (Not sure if this is secret, though.)
2. Something with virtio-rng?
3. Something with Xen pv channels, if they can be made to work?

Best approach I have for now is to copy & paste a sample from /dev/urandom on the dom0 into the domU over the Xen console, but this should be reliably automated.

Prev by Date: bin/59979: sshd -T doesn't print UsePam
Previous by Thread: bin/59979: sshd -T doesn't print UsePam
Indexes:

Home | Main Index | Thread Index | Old Index