Re: nothing contributing entropy in Xen domUs? (causing python3.7 rebuild to get stuck in kernel in "entropy" during an "import" statement)

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Tue, Mar 30, 2021 at 10:42:53PM +0000, Taylor R Campbell wrote:
> > Date: Tue, 30 Mar 2021 23:53:43 +0200
> > From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
> > 
> > On Tue, Mar 30, 2021 at 02:40:18PM -0700, Greg A. Woods wrote:
> > > [...]
> > > 
> > > Perhaps the answer is that nothing seems to be contributing anything to
> > > the entropy pool.  No matter what device I exercise, none of the numbers
> > > in the following changes:
> > 
> > yes, it's been this way since the rnd rototill. Virtual devices are
> > not trusted.
> > 
> > The only way is to manually seed the pool.
> 
> This is false.  The virtual RNG drivers (viornd(4) [1], rump
> hyperentropy [2], maybe others) all assume the VM host provides
> samples with full entropy.  This has always been the case, and this
> didn't change at all in the rototill last year.
> 
> There are no virtual RNG devices on the system in question, according
> to the quoted `rndctl -l' output.  Perhaps the VM host needs to be
> taught to expose a virtio-rng device to the guest?

There is no such thing in Xen.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--