9.6. Random Number Generator (RNG) Device

virtio-rng is a virtual RNG (random number generator) device that feeds RNG data to the guest virtual machine's operating system, thereby providing fresh entropy for guest virtual machines on request.
Using an RNG is particularly useful when devices such as a keyboard, mouse, and other inputs are not enough to generate sufficient entropy on the guest virtual machine. The virtio-rng device is available for both Red Hat Enterprise Linux and Windows guest virtual machines. Refer to the Note for instructions on installing the Windows requirements. Unless noted, the following descriptions are for both Red Hat Enterprise Linux and Windows guest virtual machines.
When virtio-rng is enabled on a Linux guest virtual machine, a chardev is created in the guest virtual machine at the location /dev/hwrng. This chardev can then be opened and read to fetch entropy from the host physical machine. For guest virtual machines' applications to benefit transparently from the randomness of the virtio-rng device, the input from /dev/hwrng must be relayed to the kernel entropy pool in the guest virtual machine. This can be accomplished by coupling this device with the rngd daemon (contained within the rng-tools package).
This coupling routes the entropy to the guest virtual machine's /dev/random file. The process is done manually in Red Hat Enterprise Linux 6 guest virtual machines.
Red Hat Enterprise Linux 6 guest virtual machines are coupled by running the following command:
# rngd -b -r /dev/hwrng -o /dev/random
For an explanation of the command options shown here, run the man rngd command. For further examples, refer to Procedure 9.11, “Implementing virtio-rng with the command line tools” for configuring the virtio-rng device.
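
The following guest-side check is an added example, not part of the Red Hat documentation: it confirms that the kernel has selected virtio-rng as its hardware RNG and that an rngd process is reading /dev/hwrng as in the command above. The function names and the optional ROOT argument (a directory holding a copy of /sys and /proc) are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Red Hat's code): check from inside a Linux guest that
# virtio-rng is the active hwrng and that rngd is reading /dev/hwrng.
# The optional ROOT argument is this example's own convention; it points the
# checks at a saved copy of /sys and /proc instead of the live system.

# Print the hwrng backend the kernel has selected, for example "virtio_rng.0".
hwrng_current() {
    cat "${1:-}/sys/class/misc/hw_random/rng_current" 2>/dev/null
}

# 0: virtio-rng is active; 1: another backend is active; 2: no hwrng at all.
hwrng_is_virtio() {
    cur=$(hwrng_current "${1:-}") || cur=""
    case "$cur" in
        virtio*)  return 0 ;;
        ""|none)  return 2 ;;
        *)        return 1 ;;
    esac
}

# 0 if some rngd process names /dev/hwrng on its command line (the -r option
# used on this page); an rngd started without -r is not detected.
rngd_relays_hwrng() {
    for f in "${1:-}"/proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        args=$(tr '\0' ' ' < "$f")
        case "$args" in
            *rngd*/dev/hwrng*) return 0 ;;
        esac
    done
    return 1
}

# Print a two-line status; non-zero exit means entropy is not being relayed.
report() {
    root=${1:-}
    if ! hwrng_is_virtio "$root"; then
        echo "hwrng: virtio-rng not active (current: $(hwrng_current "$root"))"
        return 1
    fi
    echo "hwrng: $(hwrng_current "$root")"
    if ! rngd_relays_hwrng "$root"; then
        echo "rngd: no rngd process is reading /dev/hwrng"
        return 1
    fi
    echo "rngd: relaying /dev/hwrng to the kernel entropy pool"
}
```

Source the file in the guest and run report; with no argument it inspects the live /sys and /proc.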

Note

Windows guest virtual machines require the driver viorng to be installed. Once installed, the virtual RNG device will work using the CNG (crypto next generation) API provided by Microsoft. Once the driver is installed, the virtrng device appears in the list of RNG providers.

Procedure 9.11. Implementing virtio-rng with the command line tools

  1. Shut down the guest virtual machine.
  2. In a terminal window, using the virsh edit domain-name command, open the XML file for the desired guest virtual machine.
  3. Edit the <devices> element to include the following:
    
      ...
      <devices>
        <rng model='virtio'>
          <rate period="2000" bytes="1234"/>
          <backend model='random'>/dev/random</backend>
          <!-- Alternatively, replace the backend above with an EGD source:
          <backend model='egd' type='udp'>
            <source mode='bind' service='1234'/>
            <source mode='connect' host='192.0.2.1' service='1234'/>
          </backend>
          -->
        </rng>
      </devices>
      ...