Home / Linux / Following Buggy AMD RdRand, The Linux Kernel Will Begin Sanity Checking Randomness At Boot Time

Following Buggy AMD RdRand, The Linux Kernel Will Begin Sanity Checking Randomness At Boot Time

LINUX SECURITY --

The Linux kernel will begin doing a basic sanity check of x86_64 CPUs with the RdRand instruction to see if it’s at least returning “random looking” data otherwise warn the user at boot time. This stems from a recent issue where AMD’s RdRand behavior with some hardware (particularly, buggy motherboards) could have borked RdRand issues.

This summer the Linux kernel shifted to no longer advertising RdRand support on Bulldozer and Jaguar CPUs. This was due to RdRand becoming problematic for a subset of systems following suspend/resume cycles. The issue was blamed on motherboard BIOS implementations as opposed to the CPUs, but with enough buggy BIOS implementations out there, it was easier blacklisting all the Family 15h/16h processors.

In helping fend off similar future problems, the Linux kernel will do a basic sanity check of RdRand at boot time. The kernel already does a sanity check of calling RdRand eight times to verify it was properly returning, otherwise disable the capability, but now there is a second check.

This new sanity check is calling RdRand eight times and ensuring the data has changed between calls. If the data never changed, it will now print to the dmesg output, “RDRAND gives funky smelling output, might consider not using it by booting with “nordrand”.” This new sanity check will not disable RdRand but just point out to the user the likelihood it being broken over a successive RdRand call returning the same “random” data.


>> Source Link

Loading...

Check Also

25+ Examples of Simplified and Complex Sentences (with SPOK)

Learning Indonesian is an important thing to do. This is because we live as Indonesian …