Bug #16971

Help users of Tails in a VM from ISO get good randomness

Added by intrigeri 2019-08-11 15:07:27. Updated 2019-08-11 15:09:14.

Status: Confirmed
Priority: Normal
Assignee:
Category: Virtualization
Target version:
Start date:
Due date:
% Done: 0%
Feature Branch:
Type of work: Research
Starter:
Affected tool:
Deliverable for:

Description

One of the outcomes of Feature #11898 is that many VMs get poor randomness, which impacts all kinds of security operations. Feature #11897 will mostly fix that for users who start Tails in a VM from a virtual USB drive created from a USB image. But users who use the ISO as a virtual DVD will still be exposed to this problem.

We should communicate to users that for safe Tails usage from ISO in a virtual machine, one needs to provide randomness from the host system to the guest Tails virtual machine, for example using the Virtio RNG feature in QEMU and libvirt.

Open questions:

  • Is RNG passthrough good enough in itself?
  • Is there a similar feature in VirtualBox?

Regarding how to help these users:

  • We should probably add specific recommendations in our doc about running Tails in VMs.
  • Ideally, when started from DVD and our “running in a VM” detection system does not detect a “hardware” RNG, it could warn the user and point them to the aforementioned doc.
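
The guest-side check proposed in the last item could look like the sketch below. It is an added example, not part of the ticket and not Tails code. The function names are hypothetical, the boot-medium (DVD) test is left out, and the sketch assumes the Linux `hw_random` sysfs interface and `systemd-detect-virt` are available in the guest.

```shell
#!/bin/sh
# Added illustration, not Tails code: warn when a VM guest has no
# hardware RNG (for example virtio-rng) bound in the kernel.
# All function names are hypothetical.

# Print the name of the active hardware RNG and return 0, or return 1
# when there is none. $1 optionally overrides the sysfs directory so the
# logic can be exercised against a constructed directory.
hw_rng_current() {
    dir="${1:-/sys/class/misc/hw_random}"
    # Treat a missing or unreadable file, an empty value and the
    # literal "none" all as "no hardware RNG".
    cur="$(cat "$dir/rng_current" 2>/dev/null)" || return 1
    case "$cur" in
        ""|none) return 1 ;;
    esac
    printf '%s\n' "$cur"
}

# Return 0 when running as a virtual machine guest.
running_in_vm() {
    command -v systemd-detect-virt >/dev/null 2>&1 &&
        systemd-detect-virt --vm --quiet
}

# $1: "yes" if the system is a VM guest, $2: sysfs directory (optional).
# Returns 0 when nothing needs to be reported, 1 after printing a warning.
rng_warning() {
    [ "$1" = "yes" ] || return 0
    hw_rng_current "$2" >/dev/null && return 0
    echo "warning: this virtual machine exposes no hardware RNG;" \
         "attach a virtio-rng device on the host" >&2
    return 1
}

# Typical call on a live system:
#   if running_in_vm; then rng_warning yes; fi
```

A passing check only shows that an RNG device is bound in the guest; it does not settle the open question above of whether RNG passthrough is good enough in itself.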

Subtasks


History

#1 Updated by intrigeri 2019-08-11 15:09:14

  • Subject changed from Help users of Tails in a VM get good randomness to Help users of Tails in a VM from ISO get good randomness
  • Description updated