mirage / mirage-entropy

Entropy driver for MirageOS -- this has been imported into https://github.com/mirage/mirage-crypto
http://openmirage.org/
BSD 2-Clause "Simplified" License

Xen: use a seed given at compile time #7

Closed nojb closed 8 years ago

nojb commented 9 years ago

The seed is generated during mirage configure from /dev/urandom.

nojb commented 9 years ago

Closing this since it doesn't work.

avsm commented 9 years ago

I'm reopening this one as I'm unconvinced that providing the VM with a compile-time one-time pad is actually a bad idea. This is strictly more entropy than an otherwise purely virtual host would have...

samoht commented 8 years ago

@avsm should we re-close this? I think we have a much better entropy story now /cc @hannesm and @pqwy

hannesm commented 8 years ago

I'm happy with closing this.

Now with functoria this should be straightforward to embed configure / startup time static seeds, but then there's no way to ensure that every compiled unikernel is started only once, or that the boot parameter changes every time (until we've infrastructure which has this invariant, I wouldn't be happy with such a feature in mirage-entropy).

FWIW it would be nice to have a static seed for testing, but I'd rather do this on a branch and never in a released mirage-entropy.
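
An added illustration of the invariant raised in the last comment (not code from this thread or from mirage-entropy): a toy HMAC-SHA256 counter-mode generator shows that every boot of one image produces the same output unless a per-boot value that actually changes is mixed in. The seed, the class and the function names are constructed for the example; `os.urandom` stands in for a fresh boot parameter.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the seed baked into the image at configure time.
COMPILE_TIME_SEED = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


class ToyGenerator:
    """HMAC-SHA256 in counter mode; a toy used only to show determinism."""

    def __init__(self, seed: bytes):
        self.key = hashlib.sha256(seed).digest()
        self.counter = 0

    def reseed(self, data: bytes) -> None:
        # Fold new input into the key; the old key still contributes.
        self.key = hmac.new(self.key, data, hashlib.sha256).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:n]


def boot(per_boot_input: bytes = b"") -> bytes:
    """Simulate one start of the same image; return its first 16 random bytes."""
    gen = ToyGenerator(COMPILE_TIME_SEED)
    if per_boot_input:
        gen.reseed(per_boot_input)
    return gen.generate(16)


def duplicate_outputs(outputs):
    """Return the outputs that were produced by more than one boot."""
    seen, dups = set(), set()
    for value in outputs:
        (dups if value in seen else seen).add(value)
    return dups


if __name__ == "__main__":
    static = [boot() for _ in range(3)]               # same image started 3 times
    reused = [boot(b"param") for _ in range(3)]       # boot parameter never changes
    fresh = [boot(os.urandom(32)) for _ in range(3)]  # parameter changes every boot
    for name, runs in (("static", static), ("reused", reused), ("fresh", fresh)):
        print(name, "colliding outputs:", len(duplicate_outputs(runs)))
```
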