1 # ChaosKey and Virtual Machines
3 Using ChaosKey in a bare metal environment is really easy; you just
4 plug it in and your kernel entropy pool is chock full and ready to go.
6 Sharing random data with guests running on the same machine is pretty
7 straight forward as well as kvm and qemu have a pass-through device,
8 virtio-rng, which can pull data from the host entropy pool and use
11 ## Adding an rng device to the virtual machine
13 First, you'll need to configure qemu to provide a virtual device
16 ### Adding an rng device with virt-manager
18 Virt-manager provides a graphical interface to managing virtual
21 <img src="images/virt-manager.png"/>
23 Select the host you want to add the virtio-rng device to, open it up
24 and click on the lightbulb (Show virtual hardware details) button:
26 <img src="images/machine-overview.png"/>
28 Click on the +Add Hardware button to open up the Add New Virtual
31 <img src="images/add-hardware.png"/>
33 Select RNG to show the Random Number Generator view:
35 <img src="images/add-rng.png"/>
37 Click on Finish and you're all done.
39 ### Adding an rng device with virsh edit
45 Add the virtio-rng device inside the <devices></devices> element:
50 <backend model='random'>/dev/random</backend>
51 <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
55 ## Adding virtio-rng to the guest OS
57 If you're using a distribution kernel in the guest, it should already
58 have the virtio-rng device built and available. Once you have the
59 device available in the virtual machine, boot the guest and
60 check to make sure the virtio_rng module has been loaded.
62 For guests running kernel version 3.17 or later, that's all you need
63 to do -- the kernel will automatically create a thread to read data as
64 needed from the host's random pool.
66 For guests running kernel version 3.16 or older, the kernel doesn't
67 create a thread to read data from the host, so you need to run the
68 rngd daemon. On Debian, that's a simple matter of installing the
69 rng-tools package. Other distributions presumably have a package that
70 does something similar.