Random numbers and virtual-machine forks
Posted Mar 14, 2022 8:43 UTC (Mon) by Wol (subscriber, #4433)
In reply to: Random numbers and virtual-machine forks by Otus
Parent article: Random numbers and virtual-machine forks
All it takes is an application (which doesn't know) to access RDRAND directly, and you're in trouble.
The article gives the example of WireGuard, which when it hits one of these, locks the system HARD. Actually, that could possibly be behind why my system locks up every now and then ...
Cheers,
Wol
Posted Mar 14, 2022 16:11 UTC (Mon)
by Otus (subscriber, #67685)
I do wonder if the latter should be something more generic (not tied to vmid), since I can easily imagine other cases where you might want to tell everyone to reseed. For example, if you are using something like systemd-random-seed.service to feed entropy you trust more than the kernel's entropy collection during boot.
But anyway, that's just academical, clearly something like this is required. Thanks.