Edit to add: we can obviously pass on the RDRAND instruction directly to the VM, but that's less portable, because not all servers in a server farm may have that instruction available, limiting live migration capabilities.
So we can just pass on output from RDSEED into the host's /dev/random, and feed the VM /dev/random by default as described.
https://software.intel.com/en-us/blogs/2012/11/17/the-differ...
Edit to add: we can obviously pass on the RDRAND instruction directly to the VM, but that's less portable, because not all servers in a server farm may have that instruction available, limiting live migration capabilities.
So we can just pass on output from RDSEED into the host's /dev/random, and feed the VM /dev/random by default as described.