Bug #16971
Help users of Tails in a VM from ISO get good randomness
Start date:
Due date:
% Done:
0%
Feature Branch:
Type of work:
Research
Starter:
Affected tool:
Deliverable for:
Description
One of the outcomes of Feature #11898 is that many VMs get poor randomness, which impacts all kinds of security operations. Feature #11897 will mostly fix that for users who start Tails in a VM from a virtual USB drive created from a USB image. But users who use the ISO as a virtual DVD will still be exposed to this problem.
We should communicate to users that for safe Tails usage from ISO in a virtual machine, one needs to provide randomness from the host system to the guest Tails virtual machine, for example using the Virtio RNG feature in QEMU and libvirt.
Open questions:
- Is RNG passthrough good enough in itself?
- Is there a similar feature in VirtualBox?
Regarding how to help these users:
- We should probably add specific recommendations in our doc about running Tails in VMs.
- Ideally, when started from DVD and our “running in a VM” detection system does not detect a “hardware” RNG, it could warn the user and point them to the aforementioned doc.
Subtasks
History
#1 Updated by intrigeri 2019-08-11 15:09:14
- Subject changed from Help users of Tails in a VM get good randomness to Help users of Tails in a VM from ISO get good randomness
- Description updated