Re: lack of boot-time entropy on arm64 ec2 instances
On Fri, Jan 10, 2020 at 01:33:12PM -0500, Noah Meyerhans wrote:
> On Fri, Jan 10, 2020 at 03:52:53AM +0000, Luca Filipozzi wrote:
> > Two questions (pretend I'm 6yo):
> >
> > (1) why can't AWS offer virtio-rng support (other than "we already offer
> > a RDRAND on amd64") and should Debian actively encourage their adding
> > this support?
>
> We can certainly ask. However, it is very clear that EC2 is well aware
> of the existence of virtio-rng (just look at who wrote the QEMU
> virtio-rng implementation, for example), so, without wanting to
> speculate too much, I'm going to guess that the decision to not offer it
> is an intentional one, rather than an oversight. If I learn more, and
> the organization is willing to share it publicly, I'll pass it along.
Thanks! It'd be very interesting to know the reasoning.
> > (2) what prevents our image having virtio-rng support (if it doesn't
> > already)?
>
> The cloud kernel flavour currently only targets AWS and Azure, because
> people have put effort into making it support those services. The
> images that we generate for those services use that kernel. The images
> that we generate for other cloud services use the standard kernel, which
> does have virtio-rng support.
>
> If we want to extend the cloud kernel to support other services, we need
> to do more than just enable virtio-rng. Somebody needs to come up with a
> complete list of devices that are needed for the service in question,
> and work with the kernel team to ensure that support for all of them is
> enabled in the cloud kernel.
Folks working on the CCP, etc.: is it of interest to you to use the same
cloud kernel? Does this improve our users' experience to have the same
kernel across the different providers?
--
Luca Filipozzi