Joanna Rutkowska:
So, we have a new development: I have a steady stream of entropy in all
of my VMs using the Fedora 18 template:
[user@appvm ~]$ cat /proc/sys/kernel/random/entropy_avail
3968
[user@appvm ~]$ cat /proc/sys/kernel/random/entropy_avail
3843
Quite startling to say the least. This is in every VM based on Fedora
18, the Fedora 17 vms do not exhibit this behavior.
After investigation I'm confident this is entropy generated using
Intel's new RDRAND instruction.
Justification:
Fedora 18 introduced 'rngd' a new system daemon that is turned on by
default [1]
[user@appvm ~]$ rngd --help
Usage: rngd [OPTION...]
Check and feed random data from hardware device to kernel
entropy pool.
....
[user@appvm ~]$ sudo rngd -v
Unable to open file: /dev/tpm0
Available entropy sources:
DRNG
This being a VM, there is no TPM. But what is this DRNG?
Digging into the sourcecode of rngd [2] we find:
/*
* Confirm RDRAND capabilities for drng entropy source
*/
int init_drng_entropy_source(struct rng *ent_src)
....
This function checks for the RDRAND instruction.
Apparently xen is passing through the RDRAND instruction to the VMs. I
can confirm this with the command:
[user@appvm ~]$ cat /proc/cpuinfo | grep rdrand
flags : fpu de tsc msr pae cx8 sep cmov pat clflush mmx fxsr sse
sse2 ss ht syscall nx lm constant_tsc rep_good nopl pni pclmulqdq ssse3
cx16 pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes f16c
***rdrand*** hypervisor lahf_lm ida arat epb pln pts dtherm fsgsbase erms
---------
To verify, can someone on a non-IvyBridge system check the output of
these commands in an AppVM?
sudo service rngd status
cat /proc/cpuinfo | grep rdrand
cat /proc/sys/kernel/random/entropy_avail
Repeat the last one several times to get an idea of how fast the entropy
pool is being replenished.
~abel
[1]: section 2.4.3
https://docs.fedoraproject.org/en-US/Fedora/18/html/Release_Notes/sect-Release_Notes-Changes_for_Sysadmin.html#idm36884800
[2]:
https://kernel.googlesource.com/pub/scm/utils/kernel/rng-tools/rng-tools/+/v4/rngd_rdrand.c