Skip to content

Commit 9e4b202

Browse files
bchaliosbchalios
committed
doc: update docs for entropy to mention aws-lc-rs
Modify the documentation to point to aws-lc-rs as a source of random bytes for virtio-rng, instead of the host Linux kernel. Signed-off-by: Babis Chalios <[email protected]>
1 parent 89f0c90 commit 9e4b202

File tree

2 files changed

+8
-9
lines changed

2 files changed

+8
-9
lines changed

docs/entropy.md

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -53,10 +53,8 @@ be achieved by adding a section like this:
5353
}
5454
```
5555

56-
On the host side, firecracker uses [`OsRng`][2] to get random bytes from the
57-
host kernel. The [implementation][3] of `OsRng` on Linux uses the
58-
`getrandom(2)` system call when available, otherwise it falls back to
59-
`/dev/urandom` after successfully polling `/dev/random`.
56+
On the host side, Firecracker relies on [`aws-lc-rs`][2] to retrieve the random bytes.
57+
`aws-lc-rs` uses the [`AWS-LC` cryptographic library][3].
6058

6159
## Prerequisites
6260

@@ -66,5 +64,5 @@ kernel configuration option is `CONFIG_HW_RANDOM_VIRTIO` (which depends on
6664
`CONFIG_HW_RANDOM` and `CONFIG_VIRTIO`).
6765

6866
[1]: https://docs.oasis-open.org/virtio/virtio/v1.2/cs01/virtio-v1.2-cs01.html#x1-3050004
69-
[2]: https://docs.rs/rand/latest/rand/rngs/struct.OsRng.html
70-
[3]: https://docs.rs/getrandom/latest/getrandom/
67+
[2]: https://docs.rs/aws-lc-rs/latest/aws_lc_rs/index.html
68+
[3]: https://github.com/aws/aws-lc

docs/snapshotting/random-for-clones.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -18,9 +18,8 @@ The Linux kernel exposes three main `RNG` interfaces to userspace: the
1818
`/dev/random` and `/dev/urandom` special devices, and the `getrandom` syscall,
1919
which are described in the [random(7) man page][1]. Moreover, Firecracker
2020
supports the [`virtio-rng`](../entropy.md) device which can provide additional
21-
entropy to guest VMs. It draws its random bytes from the host kernel via
22-
`getrandom` or `/dev/urandom` after ensuring that the entropy pool has been
23-
initialized.
21+
entropy to guest VMs. It draws its random bytes from the [`aws-lc-rs`][8] crate
22+
which wraps the [`AWS-LC` cryptographic library][9].
2423

2524
Traditionally, `/dev/random` has been considered a source of “true”
2625
randomness, with the downside that reads block when the pool of entropy
@@ -237,3 +236,5 @@ int main(int argc, char ** argv) {
237236
[5]: https://elixir.bootlin.com/linux/v4.14.295/source/drivers/char/random.c#L1355
238237
[6]: https://elixir.bootlin.com/linux/v5.10.147/source/drivers/char/random.c#L1360
239238
[7]: https://elixir.bootlin.com/linux/v4.14.295/source/drivers/char/random.c#L1351
239+
[8]: https://docs.rs/aws-lc-rs/latest/aws_lc_rs/index.html
240+
[9]: https://github.com/aws/aws-lc

0 commit comments

Comments
 (0)