Re: lack of boot-time entropy on arm64 ec2 instances
On Thu, Jan 09, 2020 at 04:56:58PM -0500, Theodore Y. Ts'o wrote:
> On Thu, Jan 09, 2020 at 07:15:20PM +0000, Jeremy Stanley wrote:
> > On 2020-01-09 13:18:24 +0100 (+0100), Adam Dobrawy wrote:
> > [...]
> > > I wonder if the correct criterion for the cloud image is
> > > compatibility with AWS and GCP only. I suppose a large number of
> > > deployment are based on private cloud environments (OpenStack
> > > etc.).
> > [...]
> >
> > Setting aside for the moment that there are plenty of
> > OpenStack-based public cloud providers too (at last count, far more
> > than there are proprietary cloud providers because, hey, free
> > software!), the vast majority of OpenStack deployments rely on KVM
> > for their hypervisor layer which has had VirtIO-RNG since ages.
> > Works just fine for OpenStack as long as the administrator turns it
> > on.
>
> More to the point, in response to customer demand, a lot of enterprise
> customers have demanded, and most/all of the cloud companies have
> responded to that demand, product offerrings which support hybrid
> cloud approaches. And it's very likely that those on-prem VM's will
> be using KVM as their hypervisor.
>
> That aside, if the cloud image is supposed to be compatible with GCP,
> then that would be a good enough reason on its own to support
> virtio-rng, since GCP supports virtio-rng today.
Two questions (pretend i'm 6yo):
(1) why can't AWS offer virtio-rng support (other than "we already offer
a RDRAND on amd64") and should Debian actively encourage their adding
this support?
(2) what prevents our image having virtio-rng support (if it doesn't
already)?
--
Luca Filipozzi
Reply to: