Enabling Virtio RNG


Virtio RNG is a paravirtualized random number generator. It supplies the guest with random numbers drawn from an entropy pool that the host machine of your virtual machine (VM) instance maintains. The host collects random bits of information from its system and uses that information to generate truly random numbers, which you can use for sensitive material such as SSH keys or unique IDs.

Before you begin

  • If you haven't already, set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
    1. Install the Google Cloud CLI, then initialize it by running the following command:

      gcloud init
    2. Set a default region and zone.

Limitations

  • Virtio RNG is not available for Windows images.
  • By default, Compute Engine VMs use Virtio RNG instead of a daemon to refill the guest entropy pool. If you prefer to use an entropy gathering daemon instead of or along with Virtio RNG, you must install one. For an example of an entropy gathering daemon, see the rng-tools documentation.

Checking if Virtio RNG is enabled

You can check whether Virtio RNG is enabled on your VM by running the following command:

lsmod | grep rng

When Virtio RNG is enabled, your output is similar to the following:

virtio_rng             16384  0
rng_core               16384  2 virtio_rng
virtio_ring            28672  4 virtio_rng,virtio_scsi,virtio_pci,virtio_net
virtio                 16384  4 virtio_rng,virtio_scsi,virtio_pci,virtio_net
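The check above is read by eye; the following script, an added example that is not part of the Google Cloud page, makes the same decision from `lsmod` output in a way a fleet inventory or a startup check can use, and additionally reports which hardware RNG the kernel is currently feeding into its entropy pool via the `hw_random` sysfs files (`rng_current`, `rng_available`). The sample `lsmod` lines are constructed from the output shown on this page; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the Google Cloud page): decide from lsmod-style
# output and the hwrng sysfs files whether the guest is using Virtio RNG.

# Constructed sample: the lsmod lines shown on the page for an enabled VM.
SAMPLE_LSMOD='virtio_rng             16384  0
rng_core               16384  2 virtio_rng
virtio_ring            28672  4 virtio_rng,virtio_scsi,virtio_pci,virtio_net
virtio                 16384  4 virtio_rng,virtio_scsi,virtio_pci,virtio_net'

# Return 0 if the virtio_rng module itself appears in lsmod output read from stdin.
# Only column 1 (the module name) is matched, so "virtio_rng" listed in the
# used-by column of rng_core or virtio does not count as loaded.
virtio_rng_loaded() {
    awk '$1 == "virtio_rng" { found = 1 } END { exit found ? 0 : 1 }'
}

# Print the hardware RNG the kernel currently uses for its entropy pool
# (typically "virtio_rng.0" on a Compute Engine VM). $1 overrides the sysfs
# path so the function can be exercised against a file; prints "none" and
# returns 1 when the file is unreadable (no hwrng driver bound).
hwrng_current() {
    f="${1:-/sys/devices/virtual/misc/hw_random/rng_current}"
    [ -r "$f" ] || { echo "none"; return 1; }
    cat "$f"
}

# Live check for a running VM: combine both signals into one line of output.
# Returns 1 when the module is not loaded, so it can gate a startup script.
check_vm() {
    if lsmod | virtio_rng_loaded; then
        echo "virtio_rng loaded; current hwrng source: $(hwrng_current)"
    else
        echo "virtio_rng module not loaded" >&2
        return 1
    fi
}
```

On a VM, `check_vm` is the only call needed. Matching on the first column matters: a grep for `rng` also hits the `virtio` and `virtio_ring` lines through their used-by column, so it cannot tell a loaded `virtio_rng` apart from a module that merely depends on the same core.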

Testing Virtio RNG

You can test Virtio RNG by using the /dev/random device.

  1. Connect to the VM by using SSH. For example, you can use the gcloud CLI to connect:

    gcloud compute ssh VM_NAME
    

    Replace VM_NAME with the name of your VM.

  2. Install rng-tools:

    CentOS

    Use the following command to install rng-tools:

    sudo yum install rng-tools

    Debian

    Use the following command to install rng-tools:

    sudo apt install rng-tools

    Fedora CoreOS

    Use the following command to install rng-tools:

    sudo yum install rng-tools

    RHEL

    Use the following command to install rng-tools:

    sudo yum install rng-tools

    SLES

    Use the following command to install rng-tools:

    sudo zypper install rng-tools

    Ubuntu LTS

    Use the following command to install rng-tools:

    sudo apt install rng-tools

    Some Ubuntu images return a Package 'rng-tools' has no installation candidate error. If you receive this error, run the following commands:

    sudo apt update
    sudo apt install rng-tools
    
  3. On the VM, run the rngtest command:

    cat /dev/random | rngtest -c 1000
    

If Virtio RNG isn't enabled, the command produces no output. If it is enabled, the output is similar to the following:

rngtest 2-unofficial-mt.14..
rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 0
rngtest: FIPS 140-2(2001-10-10) Long run: 0
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=4.801; avg=7.318; max=7.839)Mibits/s
rngtest: FIPS tests speed: (min=39.005; avg=69.557; max=72.523)Mibits/s
rngtest: Program run time: 2880954 microseconds
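The output above has two lines that decide the result: the FIPS 140-2 success and failure counts. The script below, an added example that is not part of the Google Cloud page or of rng-tools, parses those counts so that the test can run unattended and return a verdict instead of a wall of text. It treats empty output (the "not enabled" case above) as a distinct failure from "too many failing blocks", and it tolerates a small number of failures because the FIPS 140-2 tests are statistical and reject a tiny fraction of genuinely random blocks. The sample output is constructed from the run shown on this page; function names and the default threshold are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the Google Cloud page or rng-tools): turn rngtest
# output into a pass/fail verdict. rngtest prints its report on stderr, so a
# live run is:  rngtest -c 1000 < /dev/random 2>&1 | rngtest_verdict

# Constructed sample: the healthy run shown on this page, abbreviated.
SAMPLE_RNGTEST='rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 1000
rngtest: FIPS 140-2 failures: 0
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0'

# Print the number at the end of the "rngtest: <label>: N" line read from stdin.
# Prints nothing and returns 1 if no such line exists, which is what an empty
# run (no data from /dev/random) looks like.
rngtest_field() {
    awk -v want="rngtest: $1:" '
        index($0, want) == 1 { print $NF; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Judge an rngtest run read from stdin. $1 is the maximum number of failing
# FIPS 140-2 blocks to accept (default 2, a few per 1000 blocks is normal).
# Exit status: 0 healthy, 1 too many failing blocks, 2 no usable output.
rngtest_verdict() {
    max_fail="${1:-2}"
    out=$(cat)
    succ=$(printf '%s\n' "$out" | rngtest_field "FIPS 140-2 successes") || return 2
    fail=$(printf '%s\n' "$out" | rngtest_field "FIPS 140-2 failures") || return 2
    # A run with zero successful blocks never exercised the generator at all.
    [ "$succ" -gt 0 ] || return 2
    [ "$fail" -le "$max_fail" ]
}
```

Distinguishing exit status 2 from 1 is the useful part for monitoring: status 2 means the check itself did not run (no entropy source delivered data, or the tool was missing from the pipeline), while status 1 means data arrived but failed the statistical tests, which points at the source rather than at the setup.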
