It Turns Out CPU Speculative Execution Can Be Useful For Random Entropy / RNG
While CPU speculative execution has caused a lot of frustration over the past two years due to the likes of the Spectre vulnerabilities, it turns out it can also be put to use as a viable source of random entropy for random number generators.
Particularly on newer Intel/AMD CPU microarchitectures, where speculative execution is much more advanced than on hardware from years ago, it's been found that measuring the execution time of loops that rely upon speculation is random enough to be a cheap and speedy source of entropy. Straightforward loops without any extra instructions obviously don't work out, but adding "useless" instructions into the mix does yield non-deterministic execution times when measured via RDTSC (reading the CPU timestamp counter).
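To make the idea concrete, here is an added illustration (not Gleixner's or Torvalds' code): a loop padded with filler arithmetic and an unpredictable branch is timed with RDTSC, the low bit of each timing delta is folded into bytes, and a crude distinct-value count flags a source that is plainly deterministic. The function names, the 256-iteration loop length and the non-x86 clock_gettime fallback are all assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <time.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
static uint64_t tsc_now(void) { return __rdtsc(); }   /* the RDTSC read the article describes */
#else
static uint64_t tsc_now(void) {                        /* non-x86 fallback: monotonic nanoseconds */
    struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}
#endif
static volatile uint64_t sink;  /* stops the compiler from deleting the "useless" work */
/* Time one loop of cheap arithmetic plus a data-dependent branch the predictor cannot
   learn; mispredictions and reordering make the elapsed cycle count vary run to run. */
uint64_t timed_loop(uint64_t seed, unsigned iters)
{
    uint64_t acc = seed, x = seed | 1, t0 = tsc_now();
    for (unsigned i = 0; i < iters; i++) {
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;   /* xorshift: filler instructions */
        if (x & 8) acc += x; else acc ^= x;         /* unpredictable branch */
    }
    sink = acc;
    return tsc_now() - t0;
}
/* Fold the low bit of each timing delta into output bytes, 8 deltas per byte. */
size_t fold_deltas(const uint64_t *deltas, size_t n, uint8_t *out, size_t outlen)
{
    size_t nb = 0;
    for (size_t i = 0; i + 8 <= n && nb < outlen; i += 8) {
        uint8_t b = 0;
        for (int k = 0; k < 8; k++) b = (uint8_t)((b << 1) | (deltas[i + k] & 1));
        out[nb++] = b;
    }
    return nb;
}
/* Crude sanity check, not an entropy estimate: count distinct delta values. All-equal
   deltas mean a deterministic source; a real assessment needs a statistical test suite. */
size_t distinct_deltas(const uint64_t *deltas, size_t n)
{
    size_t d = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < i && deltas[j] != deltas[i]) j++;
        if (j == i) d++;
    }
    return d;
}
```

Calling timed_loop(i + 1, 256) a few hundred times and feeding the deltas to fold_deltas and distinct_deltas shows the jitter; a low distinct count is the signal that the loop is not speculating enough on a given CPU.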
Longtime kernel developer Thomas Gleixner, who has been involved with a lot of the Spectre/Meltdown mitigation work, was the one presenting his preliminary code and research on the topic. It's not necessarily as strong as some of the more robust sources of entropy, but it's quick and seems to work well, particularly with newer CPUs, as outlined in this mailing list post.
Linus Torvalds commented that he believes this is not very reliable and is just a simple jitter entropy implementation. But he did post his own proof-of-concept code for improving the jitter entropy code based upon this.
We'll see where this work heads and whether a future Linux kernel could make use of speculative execution as another source for random number generation.