The in-development Linux 5.5 kernel will begin sanity checking the RdRand instruction output for randomness on CPU boot/resume due to the recent spat of AMD CPUs that have yielded non-random RdRand output.
Due to some AMD Jaguar and Bulldozer CPUs having buggy RdRand when paired with various motherboards due to firmware/BIOS differences particularly on resume, the Linux kernel resorted to no longer advertising RdRand for Family 15h/16h processors a few months back.
But as a more generic long-term solution to fend off RdRand problems moving forward, the Linux kernel is beginning to sanity check RdRand output.
With the Linux 5.5’s CPU bring-up code path the kernel will begin testing the RdRand output by doing a number of loops and ensuring the output between those loops calling RdRand change. If the RdRand output doesn’t change (such as always returning zeroes as was the case with some AMD systems), the kernel will dump to the dmesg: “RDRAND gives funky smelling output, might consider not using it by booting with “nordrand”.”
That paired with the existing disabling of RdRand advertisements for 15h/16h processors and already having worked through the Zen 2 issues should square away all currently known x86_64 CPU randomness issues. The RdRand sanity checking was mailed in today for the 5.5 merge window as part of the x86/cpu changes.
>> Source Link