From 912d4c144730b361672c7dc7e6bbc0e5c8f4bccf Mon Sep 17 00:00:00 2001
From: HW42
Date: Wed, 1 Jul 2015 19:44:46 +0200
Subject: [PATCH] qubes-random-seed: feed kernel rng with randomness from dom0
---
 core-modules/000QubesVm.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/core-modules/000QubesVm.py b/core-modules/000QubesVm.py
index 1e087196..6e9db745 100644
--- a/core-modules/000QubesVm.py
+++ b/core-modules/000QubesVm.py
@@ -23,6 +23,8 @@
 #
 import datetime
+import base64
+import hashlib
 import logging
 import lxml.etree
 import os
@@ -1072,6 +1074,8 @@ class QubesVm(object):
 self.qdb.write("/qubes-debug-mode", str(int(self.debug)))
+ self.provide_random_seed_to_vm()
+
 # TODO: Currently the whole qmemman is quite Xen-specific, so stay with
 # xenstore for it until decided otherwise
 if qmemman_present:
@@ -1082,6 +1086,14 @@ class QubesVm(object):
 for hook in self.hooks_create_qubesdb_entries:
 hook(self)
+ def provide_random_seed_to_vm(self):
+ f = open('/dev/urandom', 'r')
+ s = f.read(64)
+ if len(s) != 64:
+ raise IOError("failed to read seed from /dev/urandom")
+ f.close()
+ self.qdb.write("/qubes-random-seed", base64.b64encode(hashlib.sha512(s).digest()))
+
 def _format_net_dev(self, ip, mac, backend):
 template = " \n" \
 " \n" \
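Review bot: In provide_random_seed_to_vm the descriptor from `open('/dev/urandom', 'r')` is leaked when the short-read check raises, because `f.close()` only runs on the success path, and the text-mode `'r'` would break on an interpreter that decodes file reads. Since `os` is already imported in this file (visible as context in the first hunk), the open/read/check/close lines can become `s = os.urandom(64)`, which returns exactly 64 bytes or raises. The method also needs a docstring stating why the pool output is passed through SHA-512 before being written (presumably so raw dom0 pool output is never handed to a guest) and that a failure here propagates out of the caller shown in the second hunk. The guest-side consumer is not visible here; it is worth confirming that it removes `/qubes-random-seed` from QubesDB after mixing it in, so the value does not stay readable for the VM's lifetime.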