From: Tobias Brunner <tobias@strongswan.org>
Date: Mon, 24 Aug 2020 13:33:44 +0000 (+0200)
Subject: testing: Use host's /dev/urandom as /dev/random on guests via VirtIO RNG
X-Git-Tag: 5.9.1dr1~21^2~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5747ec4eae43960053d107b41128acc88f6235c9;p=thirdparty%2Fstrongswan.git

testing: Use host's /dev/urandom as /dev/random on guests via VirtIO RNG

Newer versions of systemd etc. seem to require quite a lot of entropy
from /dev/random while booting, which can block and therefore delay the
start of other services (in particular sshd) by more than a minute.
Using the host's /dev/urandom via VirtIO RNG, we can avoid blocking the
guests.

The required kernel options are added for kernel versions 5.4+.
---

diff --git a/testing/config/kernel/config-5.4 b/testing/config/kernel/config-5.4
index a4a16b1106..5b89e830dc 100644
--- a/testing/config/kernel/config-5.4
+++ b/testing/config/kernel/config-5.4
@@ -1660,7 +1660,12 @@ CONFIG_DEVKMEM=y
 CONFIG_HVC_DRIVER=y
 CONFIG_VIRTIO_CONSOLE=y
 # CONFIG_IPMI_HANDLER is not set
-# CONFIG_HW_RANDOM is not set
+CONFIG_HW_RANDOM=y
+# CONFIG_HW_RANDOM_TIMERIOMEM is not set
+CONFIG_HW_RANDOM_INTEL=y
+CONFIG_HW_RANDOM_AMD=y
+# CONFIG_HW_RANDOM_VIA is not set
+CONFIG_HW_RANDOM_VIRTIO=y
 # CONFIG_NVRAM is not set
 # CONFIG_APPLICOM is not set
 # CONFIG_MWAVE is not set
diff --git a/testing/config/kernel/config-5.5 b/testing/config/kernel/config-5.5
index 38b1ef2db7..9df7471c24 100644
--- a/testing/config/kernel/config-5.5
+++ b/testing/config/kernel/config-5.5
@@ -1627,7 +1627,12 @@ CONFIG_DEVKMEM=y
 CONFIG_HVC_DRIVER=y
 CONFIG_VIRTIO_CONSOLE=y
 # CONFIG_IPMI_HANDLER is not set
-# CONFIG_HW_RANDOM is not set
+CONFIG_HW_RANDOM=y
+# CONFIG_HW_RANDOM_TIMERIOMEM is not set
+CONFIG_HW_RANDOM_INTEL=y
+CONFIG_HW_RANDOM_AMD=y
+# CONFIG_HW_RANDOM_VIA is not set
+CONFIG_HW_RANDOM_VIRTIO=y
 # CONFIG_NVRAM is not set
 # CONFIG_APPLICOM is not set
 # CONFIG_MWAVE is not set
diff --git a/testing/config/kernel/config-5.7 b/testing/config/kernel/config-5.7
index 77a1e68d94..e1d8c5be77 100644
--- a/testing/config/kernel/config-5.7
+++ b/testing/config/kernel/config-5.7
@@ -1641,7 +1641,12 @@ CONFIG_HVC_DRIVER=y
 # CONFIG_SERIAL_DEV_BUS is not set
 CONFIG_VIRTIO_CONSOLE=y
 # CONFIG_IPMI_HANDLER is not set
-# CONFIG_HW_RANDOM is not set
+CONFIG_HW_RANDOM=y
+# CONFIG_HW_RANDOM_TIMERIOMEM is not set
+CONFIG_HW_RANDOM_INTEL=y
+CONFIG_HW_RANDOM_AMD=y
+# CONFIG_HW_RANDOM_VIA is not set
+CONFIG_HW_RANDOM_VIRTIO=y
 # CONFIG_APPLICOM is not set
 # CONFIG_MWAVE is not set
 CONFIG_DEVMEM=y
diff --git a/testing/config/kvm/alice.xml b/testing/config/kvm/alice.xml
index c8ff289dba..d2a7e032b6 100644
--- a/testing/config/kvm/alice.xml
+++ b/testing/config/kvm/alice.xml
@@ -68,5 +68,8 @@
     <memballoon model='virtio'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
     </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
   </devices>
 </domain>
diff --git a/testing/config/kvm/bob.xml b/testing/config/kvm/bob.xml
index 0b433a4372..48bef74868 100644
--- a/testing/config/kvm/bob.xml
+++ b/testing/config/kvm/bob.xml
@@ -61,5 +61,8 @@
     <memballoon model='virtio'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
     </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
   </devices>
 </domain>
diff --git a/testing/config/kvm/carol.xml b/testing/config/kvm/carol.xml
index 3eb163f6ce..d7249c38c8 100644
--- a/testing/config/kvm/carol.xml
+++ b/testing/config/kvm/carol.xml
@@ -61,5 +61,8 @@
     <memballoon model='virtio'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
     </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
   </devices>
 </domain>
diff --git a/testing/config/kvm/dave.xml b/testing/config/kvm/dave.xml
index d8d05a9e91..bf070f1b13 100644
--- a/testing/config/kvm/dave.xml
+++ b/testing/config/kvm/dave.xml
@@ -61,5 +61,8 @@
     <memballoon model='virtio'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
     </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
   </devices>
 </domain>
diff --git a/testing/config/kvm/moon.xml b/testing/config/kvm/moon.xml
index 943ab35b51..4ffaf809a8 100644
--- a/testing/config/kvm/moon.xml
+++ b/testing/config/kvm/moon.xml
@@ -73,5 +73,8 @@
     <memballoon model='virtio'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
     </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
   </devices>
 </domain>
diff --git a/testing/config/kvm/sun.xml b/testing/config/kvm/sun.xml
index 893a4aa379..2e5a382ea0 100644
--- a/testing/config/kvm/sun.xml
+++ b/testing/config/kvm/sun.xml
@@ -73,5 +73,8 @@
     <memballoon model='virtio'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
     </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
   </devices>
 </domain>
diff --git a/testing/config/kvm/winnetou.xml b/testing/config/kvm/winnetou.xml
index 59d7184f63..3b42e38f27 100644
--- a/testing/config/kvm/winnetou.xml
+++ b/testing/config/kvm/winnetou.xml
@@ -66,5 +66,8 @@
     <memballoon model='virtio'>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
     </memballoon>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
   </devices>
 </domain>