Following Buggy AMD RdRand, The Linux Kernel Will Begin Sanity Checking Randomness At Boot Time
Written by Michael Larabel in Linux Security on 2 October 2019 at 04:12 PM EDT.
The Linux kernel will begin doing a basic sanity check on x86_64 CPUs with the RdRand instruction to see whether it is at least returning "random looking" data, and will otherwise warn the user at boot time. This stems from a recent issue where RdRand on some AMD hardware (particularly with buggy motherboards) could end up borked.

This summer the Linux kernel shifted to no longer advertising RdRand support on Bulldozer and Jaguar CPUs. This was due to RdRand becoming problematic for a subset of systems following suspend/resume cycles. The issue was blamed on motherboard BIOS implementations as opposed to the CPUs, but with enough buggy BIOS implementations out there, it was easier to blacklist all the Family 15h/16h processors.


To help fend off similar problems in the future, the Linux kernel will do a basic sanity check of RdRand at boot time. The kernel already performs one sanity check, calling RdRand eight times to verify that it returns properly and otherwise disabling the capability, but now there is a second check.

This new sanity check calls RdRand eight times and ensures the data has changed between calls. If the data never changed, it will now print to the dmesg output, "RDRAND gives funky smelling output, might consider not using it by booting with "nordrand"." This new sanity check will not disable RdRand; it just points out to the user that RdRand is likely broken when successive calls return the same "random" data.
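The two checks described above can be sketched in user space as follows. This is an added example, not the kernel's code: the names `rng_sanity_check`, `rng_source_fn`, the verdict enum and the three constructed sources are assumptions made for illustration, and `rdrand_source` is only built on x86_64 with GCC or Clang.

```c
#include <stdbool.h>
#include <stdio.h>

#define SANITY_CHECK_LOOPS 8        /* eight calls, as the article describes */

typedef bool (*rng_source_fn)(unsigned long *out);   /* true = value produced */
enum rng_verdict { RNG_OK, RNG_FAILED, RNG_STUCK };

/* Check 1: every call must succeed. Check 2: the data must change between calls. */
enum rng_verdict rng_sanity_check(rng_source_fn src)
{
    unsigned long prev = 0, cur = 0;
    bool changed = false;

    for (int i = 0; i < SANITY_CHECK_LOOPS; i++) {
        if (!src(&cur))
            return RNG_FAILED;
        if (i > 0 && cur != prev)
            changed = true;
        prev = cur;
    }
    return changed ? RNG_OK : RNG_STUCK;
}

/* Constructed sources standing in for hardware (hypothetical, for the demo). */
bool stuck_source(unsigned long *out)   { *out = 0x5a5a5a5aUL; return true; }
bool failing_source(unsigned long *out) { (void)out; return false; }
bool counter_source(unsigned long *out) { static unsigned long n; *out = n++; return true; }

#if defined(__x86_64__) && defined(__GNUC__)
#include <cpuid.h>
/* Real RDRAND: CPUID leaf 1, ECX bit 30 advertises it; CF=1 means success. */
bool rdrand_source(unsigned long *out)
{
    unsigned int a, b, c, d;
    unsigned char ok;
    if (!__get_cpuid(1, &a, &b, &c, &d) || !(c & (1u << 30)))
        return false;
    __asm__ volatile("rdrand %0; setc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif

int main(void)
{
    printf("stuck=%d failing=%d counter=%d\n", rng_sanity_check(stuck_source),
           rng_sanity_check(failing_source), rng_sanity_check(counter_source));
#if defined(__x86_64__) && defined(__GNUC__)
    if (rng_sanity_check(rdrand_source) == RNG_STUCK)
        puts("RDRAND output never changed across 8 calls");
#endif
    return 0;
}
```

A check of this kind only catches a source stuck on one value; the predictable `counter_source` passes it, so a clean result says nothing about the quality of the randomness.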
