Show Table of Contents
16.6. Random Number Generator Device
Random number generators are very important for operating system security. For securing virtual operating systems, Red Hat Enterprise Linux 7 includes
virtio-rng, a virtual hardware random number generator device that can provide the guest with fresh entropy on request.
On the host physical machine, the hardware RNG interface creates a chardev at
/dev/hwrng, which can be opened and then read to fetch entropy from the host physical machine. In co-operation with the rngd daemon, the entropy from the host physical machine can be routed to the guest virtual machine's /dev/random, which is the primary source of randomness.
Using a random number generator is particularly useful when a device such as a keyboard, mouse, and other inputs are not enough to generate sufficient entropy on the guest virtual machine. The virtual random number generator device allows the host physical machine to pass through entropy to guest virtual machine operating systems. This procedure can be performed using either the command line or the virt-manager interface. For more information about
virtio-rng, see Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy.
Procedure 16.11. Implementing virtio-rng using the Virtual Machine Manager
- Shut down the guest virtual machine.
- Select the guest virtual machine and from the menu, select , to open the Details window for the specified guest virtual machine.
- Click the button.
- In the window, select to open the window.
Figure 16.20. Random Number Generator window
Enter the intended parameters and click when done. The parameters are explained in virtio-rng elements.
Procedure 16.12. Implementing virtio-rng using command-line tools
- Shut down the guest virtual machine.
- Using the
virsh edit domain-namecommand, open the XML file for the intended guest virtual machine. - Edit the
<devices>element to include the following:... <devices> <rng model='virtio'> <rate period='2000' bytes='1234'/> <backend model='random'>/dev/random</backend> <!-- OR --> <backend model='egd' type='udp'> <source mode='bind' service='1234'/> <source mode='connect' host='1.2.3.4' service='1234'/> </backend> </rng> </devices> ...Figure 16.21. Random number generator device
The random number generator device allows the following XML attributes and elements:virtio-rng elements
<model>- The requiredmodelattribute specifies what type of RNG device is provided.<backend model>- The<backend>element specifies the source of entropy to be used for the guest. The source model is configured using themodelattribute. Supported source models include'random'and'egd'.<backend model='random'>- This<backend>type expects a non-blocking character device as input. Examples of such devices are/dev/randomand/dev/urandom. The file name is specified as contents of the<backend>element. When no file name is specified the hypervisor default is used.<backend model='egd'>- This back end connects to a source using the EGD protocol. The source is specified as a character device. See character device host physical machine interface for more information.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.