16.6. Random Number Generator Device
Random number generators are very important for operating system security. For securing virtual operating systems, Red Hat Enterprise Linux 7 includes virtio-rng, a virtual hardware random number generator device that can provide the guest with fresh entropy on request.
On the host physical machine, the hardware RNG interface creates a chardev at /dev/hwrng, which can be opened and then read to fetch entropy from the host physical machine. In co-operation with the rngd daemon, the entropy from the host physical machine can be routed to the guest virtual machine's /dev/random, which is the primary source of randomness.
Using a random number generator is particularly useful when devices such as a keyboard, mouse, and other inputs are not enough to generate sufficient entropy on the guest virtual machine. The virtual random number generator device allows the host physical machine to pass through entropy to guest virtual machine operating systems. This procedure can be performed using either the command line or the virt-manager interface. For instructions, see below. For more information about virtio-rng, see Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy.
Procedure 16.11. Implementing virtio-rng using the Virtual Machine Manager
- Shut down the guest virtual machine.
- Select the guest virtual machine and, from the menu, open the Details window for that guest virtual machine.
- Click the button for adding a new hardware device.
- In the window that opens, select the random number generator device to open the Random Number Generator window.
Figure 16.20. Random Number Generator window
- Enter the intended parameters and confirm when done. The parameters are explained in virtio-rng elements below.
Procedure 16.12. Implementing virtio-rng using command-line tools
- Shut down the guest virtual machine.
- Using the virsh edit domain-name command, open the XML file for the intended guest virtual machine.
- Edit the <devices> element to include the following:

```xml
...
<devices>
  <rng model='virtio'>
    <rate period='2000' bytes='1234'/>
    <backend model='random'>/dev/random</backend>
    <!-- OR -->
    <backend model='egd' type='udp'>
      <source mode='bind' service='1234'/>
      <source mode='connect' host='1.2.3.4' service='1234'/>
    </backend>
  </rng>
</devices>
...
```

Figure 16.21. Random number generator device
The random number generator device allows the following XML attributes and elements:

virtio-rng elements
- <model> - The required model attribute specifies what type of RNG device is provided.
- <backend model> - The <backend> element specifies the source of entropy to be used for the guest. The source model is configured using the model attribute. Supported source models include 'random' and 'egd'.
- <backend model='random'> - This <backend> type expects a non-blocking character device as input. Examples of such devices are /dev/random and /dev/urandom. The file name is specified as contents of the <backend> element. When no file name is specified the hypervisor default is used.
- <backend model='egd'> - This back end connects to a source using the EGD protocol. The source is specified as a character device. See character device host physical machine interface for more information.
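The following script is an added example, not code from the Red Hat guide or from libvirt. It applies the <rng> element layout from Procedure 16.12 and the virtio-rng element reference above to a constructed domain XML document: audit_rng reports a guest that has no virtio RNG, an unknown backend model, an egd backend without a <source>, or no <rate> limit (a guest without a rate limit can consume host entropy as fast as it likes), and add_virtio_rng inserts a rate-limited 'random' backend only when no <rng> device exists yet. The sample domain XML, the allowed backend path list and the default rate values (the 2000 ms / 1234 bytes pair from the guide's snippet) are assumptions chosen for the example; the real output of virsh edit would be used in their place.

```python
"""Audit and fix the <rng> device in libvirt domain XML (added example, not from the guide)."""
import xml.etree.ElementTree as ET

# Constructed sample domain XML with no <rng> device (not taken from any real guest).
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>guest-example</name>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/guest-example.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""

# Assumed policy: only these host character devices are acceptable 'random' backends.
ALLOWED_RANDOM_SOURCES = {"/dev/random", "/dev/urandom", "/dev/hwrng"}


def audit_rng(domain_xml):
    """Return a list of findings for the <rng> devices in a domain XML string.

    An empty list means the guest has a virtio RNG with a known backend and a rate limit.
    """
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    rngs = [] if devices is None else devices.findall("rng")
    if not rngs:
        return ["no <rng> device: guest cannot draw entropy from the host"]
    findings = []
    for rng in rngs:
        if rng.get("model") != "virtio":
            findings.append("rng model is %r, expected 'virtio'" % rng.get("model"))
        backend = rng.find("backend")
        if backend is None:
            findings.append("<rng> has no <backend> element")
            continue
        model = backend.get("model")
        if model == "random":
            # The element text names the host character device; empty means hypervisor default.
            path = (backend.text or "").strip()
            if path and path not in ALLOWED_RANDOM_SOURCES:
                findings.append("unexpected random backend path %r" % path)
        elif model == "egd":
            if backend.find("source") is None:
                findings.append("egd backend has no <source> element")
        else:
            findings.append("unknown backend model %r" % model)
        rate = rng.find("rate")
        if rate is None:
            findings.append("no <rate> element: guest can drain host entropy without limit")
            continue
        try:
            period = int(rate.get("period", "0"))
            nbytes = int(rate.get("bytes", "0"))
        except ValueError:
            findings.append("non-integer <rate> attributes")
            continue
        if period <= 0 or nbytes <= 0:
            findings.append("rate period and bytes must be positive integers")
    return findings


def add_virtio_rng(domain_xml, source="/dev/random", period_ms=2000, max_bytes=1234):
    """Return domain XML with a rate-limited virtio <rng> using the 'random' backend.

    Existing <rng> devices are left untouched, so calling this twice adds nothing.
    """
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        devices = ET.SubElement(root, "devices")
    if devices.find("rng") is None:
        rng = ET.SubElement(devices, "rng", model="virtio")
        # <rate period='...' bytes='...'/> caps how much entropy the guest may read per period.
        ET.SubElement(rng, "rate", period=str(period_ms), bytes=str(max_bytes))
        backend = ET.SubElement(rng, "backend", model="random")
        backend.text = source
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", audit_rng(SAMPLE_DOMAIN_XML))
    fixed = add_virtio_rng(SAMPLE_DOMAIN_XML)
    print("after:", audit_rng(fixed))
    print(fixed)
```

The audit deliberately treats a missing <rate> as a finding rather than a stylistic nit: the backend reads host entropy on the guest's behalf, so the rate limit is the one knob that bounds what a single guest can take from the host's pool. Run the audit over the output of virsh dumpxml for each guest before and after applying the change with virsh edit.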