Trace: » documentation » code_fragments » lender » zetnet » virtio-rng
You are here: Welcome » Mk4 project page » Open source projects at Collabora » Virtio-RNG

Virtio-RNG

This was my first project when I joined Collabora. We needed to find a solution for getting entropy from this hardware into guest virtual machines. Guest VMs have very little 'real' IO and thus struggle to generate significant amounts of good quality entropy. This is important where the guest OSes need to be able to generate cryptographically secure information.

The existing solution was to tunnel the data into the guests via TCP from their host. My project was to implement a solution using qemus virtio framework. There already existed a kernel driver for guests running under Rusty's hypervisor, so I used that as my reference.

I started by implementing a basic passthrough of the hosts /dev/random through virtio-rng, which worked, and served as an introduction to the qemu codebase.

This was later updated to use qemus chardev API, which allowed it to read data from a TCP socket (the hardware is run by a daemon that feeds out EGD protocol data via TCP). Implementing EGD wasnt hard, its a very simple protocol.

Unfortunately, qemus chardev API does not handle the case where a connection is lost¸ so my next round of patches was designed to remedy that, implementing a reconnect option and timeout in qemu's chardev API, and completing the virtio-rng project.

Qemu patch

Linux patch will be in 2.6.33, in linux-next at the time of writing.

Todo

  • Improved rate limiting
  • SSL support
 
home/projects/collabora/virtio-rng.txt · Last modified: 2009/12/17 17:37 by ian
 
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki