-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use /qubes-random-seed #34
Comments
That sounds very sensible! Do you have any suggestions regarding where it might make sense to patch this in?
|
imho this should go into mirage-entropy (likely a mirage-entropy qubes variant should be created that mixes the random-seed (is this constant, or does it change over the lifetime?)) -- mirage-entropy is nowadays used by all (mirage-random-stdlib/nocrypto) RNG with MirageOS (there's only ever one which is seeded and used by the unikernel) |
The entry is there to seed the CSPRNG of VMs at early boot before they have been able to collect their own entropy. The equivalent in Linux is
|
I asked @marmarek about |
QubesDB provides us with some extra entropy in
/qubes-random-seed
. If we configure a Qubes unikernel with a random number generator, it should probably mix this in somehow.The text was updated successfully, but these errors were encountered: