
forward randomness from /dev/random to VMs in Qubes
Open, Normal, Public


Talked to Joanna at C1C3.

Qubes does not forward real randomness from /dev/random to VMs yet. They have no plans to add this feature yet.

Although Qubes installs haveged by default, it's not clear if that is random enough. Randomness is a very difficult topic. Difficult to get down the rabbit hole. It's better to bootstrap haveged with strong entropy and to have multiple sources of randomness.

In comparison, for KVM there is VirtIO RNG.

VirtIO RNG is a paravirtualized device that is exposed as a hardware RNG device to the guest.

And I don't think they implemented this because they were bored. I think in this case it's better to be safe than sorry.

She said one could implement this using qrexec and that they would merge a patch implementing this.

See also:

General info on randomness:

Forum Discussion:
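An added sketch of the guest-side half of the qrexec idea above; it is not code from Qubes or from this ticket. It assumes stdin is connected to a host-side source of `/dev/random` bytes (the qrexec service that would provide this is not shown), that those bytes are trusted as full entropy, and that the program runs as root in the VM. The helper names and `CHUNK` are hypothetical.

```c
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#define CHUNK 64 /* assumed: bytes taken from the host per credit operation */

/* Build the RNDADDENTROPY argument for len bytes, crediting bits_per_byte
 * bits for each byte. Returns NULL on bad input; the caller frees it. */
struct rand_pool_info *make_pool_info(const unsigned char *data, size_t len, int bits_per_byte)
{
    if (len == 0 || len > CHUNK || bits_per_byte < 0 || bits_per_byte > 8)
        return NULL;
    struct rand_pool_info *info = calloc(1, sizeof(*info) + CHUNK);
    if (!info)
        return NULL;
    info->entropy_count = (int)len * bits_per_byte; /* credited bits */
    info->buf_size = (int)len;                      /* payload size in bytes */
    memcpy(info->buf, data, len);
    return info;
}

/* Mix one chunk into the kernel pool and credit it (needs CAP_SYS_ADMIN). */
int credit_entropy(int random_fd, const unsigned char *data, size_t len, int bits_per_byte)
{
    struct rand_pool_info *info = make_pool_info(data, len, bits_per_byte);
    if (!info)
        return -1;
    int rc = ioctl(random_fd, RNDADDENTROPY, info);
    free(info);
    return rc;
}

int main(void)
{
    unsigned char buf[CHUNK];
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0) { perror("open /dev/random"); return 1; }
    ssize_t n;
    /* A plain write() to /dev/random mixes data in but credits nothing. */
    while ((n = read(STDIN_FILENO, buf, sizeof buf)) > 0)
        if (credit_entropy(fd, buf, (size_t)n, 8) < 0) { perror("RNDADDENTROPY"); return 1; }
    close(fd);
    return n < 0 ? 1 : 0;
}
```

Crediting 8 bits per byte is only justified if the VM trusts the host's RNG completely; pass a lower value to `credit_entropy` to be conservative.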