Given all of the VMs that Qubes manages, do entropy stores get depleted faster than a standard OS? Or do individual VMs manage their own entropy pools? My understanding is the randomness is seeded by hardware processes that generate random noise. How are VM entropy pools generated and maintained when they are typically isolated from hardware?
In the past, on other operating systems, I have “topped” off /dev/random with my hardware TRNG. Would there be any practical benefit in doing that in dom0? It would of course mean that I would need to grant access to the device to modify dom0. I trust the device (at least as much as I trust any other device I own) but not if there is no practical benefit.
If individual VMs manage their own entropy, I assume I would top off /dev/random in each of my VM templates? That being the case, do appVMs that are generated by the same template share a common entropy pool? What happens when randomness is used by a given appVM and it is then restarted? Does the newly launched appVM re-inherit the same entropy pool from the previous boot?
Given a trusted hardware TRNG, is there potential benefit to topping off /dev/random in a given appVM prior to batch-generating multiple cryptographic keys or running processes that require adequate stores of entropy? Or is it dom0 that needs the “refill” so that Xen can somehow seed VM instances?