Red Hat Enterprise Linux Virtual Machines: Access to Random Numbers Made Easy

Having access to quality random numbers is essential for correct and secure operation of operating systems. Operating systems need random numbers from an entropy pool for a variety of tasks, like creating secure SSH or GPG/PGP keypairs, generating random PIDs for processes, generating TCP sequence numbers, and generating UUIDs.

With Red Hat Enterprise Linux 7 we introduced the virtio RNG (Random Number Generator) device that provides KVM virtual machines access to entropy from the host machine.  Red Hat Enterprise Virtualization starting version 3.5 also has exposed this feature.  We have since made improvements to Red Hat Enterprise Linux guests to make the feature easier and more straightforward to use.

A Brief Introduction to virtio and Paravirtualized Devices

virtio is the paravirtualized transport framework for KVM virtual machines. Using the virtio framework, new devices can be written specifically for virtualization use-cases, which are much faster and easier to manage as compared to emulation of devices that mimic real hardware. The device part of the paravirtualized endpoint is written in QEMU (which is part of the hypervisor), and the driver is present in the guest kernel.

Random Numbers in Virtual Machines

As mentioned above, the virtio-rng device was made available with Red Hat Enterprise Linux 7.0. The driver is available in all minor versions of Red Hat Enterprise Linux 6 as well as Red Hat Enterprise Linux 7. This means a Red Hat Enterprise Linux 6 guest started on a Red Hat Enterprise Linux 7 host has access to the entropy shared by the host. A virtio RNG driver for Microsoft Windows guests is available as well, as part of our certified virtio driver bundle for Windows guests.

randomWe recommend using a hardware random number generator (hwrng) device on the host (see image above) such that the host has enough entropy available to service the requests from all its guests as well as other applications on the host.

With the recommended setup, the hwrng will feed into the host Linux kernel’s entropy pool (via /dev/random), and QEMU will use /dev/random as the source for entropy requested by guests. Using Linux’s /dev/random as source is beneficial in two respects: first, the input from the hwrng is mixed with other entropy that gets generated on the host systems. This ensures only one source does not control the input passed to guests (and, indeed, to other applications on the host). Secondly, live migration of virtual machines does not depend on the physical hwrng; different servers in a cluster can use hwrngs from various vendors, and not being tied down to a particular model or brand.

In collaboration with Linux kernel contributors, we have added several features to the upstream Linux kernel, and have backported some of them to the Red Hat Enterprise Linux 7.1 kernel. An overview of some of the key additions in Red Hat Enterprise Linux 7.1, when used as the guest operating system, are listed below.

Initial Seed

When the virtio-rng module is loaded by the guest kernel, the guest kernel now makes a request to the host for a few bits of entropy to seed its initial kernel pool. Doing this makes better randomness available to the guest kernel from early boot phase, making many operations secure right from the start.

No rngd Needed

Red Hat Enterprise Linux 7.0 and Red Hat Enterprise Linux 6 guests could make use of the entropy from hosts via the rngd userspace daemon. Setting up the daemon was a manual step for each Red Hat Enterprise Linux install.

With Red Hat Enterprise Linux 7.1 the manual step has been eliminated making the entire process seamless and automatic.

The use of rngd is now not required and the guest kernel itself fetches entropy from the host when the available entropy falls below a specific threshold. The guest kernel is then in a position to make random numbers available to applications as soon as they request them.


The Red Hat Enterprise Linux installer, Anaconda, now provides the virtio-rng module in its installer image, making available host entropy during Red Hat Enterprise Linux installation. This is useful for setting up disk encryption during installation, when access to readily available random numbers is essential to ensure a quick install process. Thanks to the previously-listed enhancements, the Red Hat Enterprise Linux 7.1 installer in guests will transparently have access to host entropy during the install process.

Benefits to Minimal Cloud Images

Cloud images which need access to random numbers during setup phase to generate SSH public/private keypairs also benefit from these changes as the process is now entirely automated.  This makes spinning up cloud images an extremely fast operation, as the wait for gathering entropy for getting random numbers are now eliminated.

Accessing Random Numbers in Guests

The great thing about the virtio-rng is that no changes are necessary to existing (or new) applications. Whether applications run on bare-metal hardware or inside guests, they continue using the Linux special device file /dev/urandom to request random numbers from the kernel. Applications like openssh and gpg, which require access to strong entropy, can continue using the /dev/random device for input.

As of this writing, KVM is the only hypervisor that offers an RNG to virtual machines. With features like virtio-rng, we continue to ensure that Red Hat Enterprise Linux is one of the most secure operating systems (and hypervisors) available to run our customers’ mission-critical applications. As we plan to keep adding more such features with each release, odds are that you’ll hear from me again soon. In the mean time, if you have questions or thoughts about this post, I encourage you to reach out using the comments section below.

  1. Hi!

    Thanks for the article. Is there any recommended hardware RNG that can be installed into server as an expansion card and is supported by RHEL? Thanks!

    1. Hi Konstantin,

      There are several supported cards. PCI-based ones are easier to setup than USB-based ones, simply because the kernel identifies the PCI-based ones as hwrngs, and only rngd needs to be setup on the host for most of them. Some USB-based ones need a custom program to extract data from them, and then need to be fed into the host’s /dev/random. Overall, all work equally well.

      Additionally, watch out for Intel processors having the RDSEED instruction. A separate hwrng may not be needed if you have a compatible processor — just need to feed the host kernel with entropy from the processor.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s