Bug #16971: Help users of Tails in a VM from ISO get good randomness

Bug #16971

Help users of Tails in a VM from ISO get good randomness

Added by intrigeri 2019-08-11 15:07:27 . Updated 2019-08-11 15:09:14 .

Status:

Confirmed

Priority:

Normal

Assignee:

Category:

Virtualization

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Research

Blueprint:

https://tails.boum.org/blueprint/randomness_seeding/

Starter:

Affected tool:

Deliverable for:

Description

One of the outcomes of ~~Feature #11898~~ is that many VMs get poor randomness, which impacts all kinds of security operations. Feature #11897 will mostly fix that for users who start Tails in a VM from a virtual USB drive created from a USB image. But users who use the ISO as a virtual DVD will still be exposed to this problem.

We should communicate to users that for safe Tails usage from ISO in a virtual machine, one needs to provide randomness from the host system to the guest Tails virtual machine, for example using the Virtio RNG feature in QEMU and libvirt.

Open questions:

Is RNG passthrough good enough in itself?
Is there a similar feature in VirtualBox?

Regarding how to help these users:

We should probably add specific recommendations in our doc about running Tails in VMs.
Ideally, when started from DVD and our “running in a VM” detection system does not detect a “hardware” RNG, it could warn the user and point them to the aforementioned doc.

Subtasks

History

#1 Updated by intrigeri 2019-08-11 15:09:14

Subject changed from Help users of Tails in a VM get good randomness to Help users of Tails in a VM from ISO get good randomness
Description updated