Re: lack of boot-time entropy on arm64 ec2 instances

To: debian-cloud@lists.debian.org
Subject: Re: lack of boot-time entropy on arm64 ec2 instances
From: Noah Meyerhans <noahm@debian.org>
Date: Fri, 10 Jan 2020 13:33:12 -0500
Message-id: <[🔎] 20200110183312.GA28221@morgul.net>
In-reply-to: <[🔎] 20200110035253.p6tpqbtgy6in4hgz@snafu.emyr.net>
References: <[🔎] 20200108201713.bltwcjzo6d5doerb@snafu.emyr.net> <[🔎] 20200108212935.GF31539@morgul.net> <[🔎] 20200109004128.klwpvpmhmrnejq4y@snafu.emyr.net> <[🔎] 20200109011141.dr6gipjtpgnymiwe@snafu.emyr.net> <[🔎] 20200109042534.GB3527@mit.edu> <[🔎] 20200109054705.cnvwr73dqswktaqq@snafu.emyr.net> <[🔎] b6b25f61-0d25-f7ab-da14-3c671eb999d3@hyperone.com> <[🔎] 20200109191520.5blzmty37mgxw3ur@yuggoth.org> <[🔎] 20200109215658.GB41242@mit.edu> <[🔎] 20200110035253.p6tpqbtgy6in4hgz@snafu.emyr.net>

On Fri, Jan 10, 2020 at 03:52:53AM +0000, Luca Filipozzi wrote:
> Two questions (pretend i'm 6yo):
> 
> (1) why can't AWS offer virtio-rng support (other than "we already offer
> a RDRAND on amd64") and should Debian actively encourage their adding
> this support?

We can certainly ask.  However, it is very clear that EC2 is well aware
of the existence of virtio-rng (just look at who wrote the QEMU
virtio-rng implementation, for example), so, without wanting to
speculate too much, I'm going to guess that the decision to not offer it
is an intentional one, rather than an oversight.  If I learn more, and
the organization is willing to share it publicly, I'll pass it along.

> (2) what prevents our image having virtio-rng support (if it doesn't
> already)?

The cloud kernel flavour currently only targets AWS and Azure, because
people have put effort into making it support those services.  The
images that we generate for those services use that kernel.  The images
that we generate for other cloud services use the standard kernel, which
does have virtio-rng support.

If we want to extend the cloud kernel to support other services, we need
to do more than just enable virtio-rng.  Somebody need to come up with a
complete list of devices that are needed for the service in question,
and work with the kernel team ensure that support for all of them is
enabled in the cloud kernel.

noah

Reply to:

Follow-Ups:
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>

References:
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Noah Meyerhans <noahm@debian.org>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: "Theodore Y. Ts'o" <tytso@mit.edu>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Adam Dobrawy <a.dobrawy@hyperone.com>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Jeremy Stanley <fungi@yuggoth.org>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: "Theodore Y. Ts'o" <tytso@mit.edu>
- Re: lack of boot-time entropy on arm64 ec2 instances
  - From: Luca Filipozzi <lfilipoz@emyr.net>

Prev by Date: Re: Setting-up the Debian Cloud Image Finder (DCIF ?) in production
Next by Date: Re: Setting-up the Debian Cloud Image Finder (DCIF ?) in production
Previous by thread: Re: lack of boot-time entropy on arm64 ec2 instances
Next by thread: Re: lack of boot-time entropy on arm64 ec2 instances
Index(es):
- Date
- Thread