On Tue, Aug 27, 2019 at 07:39:55PM +0200, Borislav Petkov wrote:
> @@ -42,5 +43,24 @@ void x86_init_rdrand(struct cpuinfo_x86 *c)
> return;
> }
> }
> +
> + /*
> + * Stupid sanity-check whether RDRAND does *actually* generate
> + * some at least random-looking data.
> + */
> + prev = tmp;
> + for (i = 0; i < SANITY_CHECK_LOOPS; i++) {
> + if (rdrand_long(&tmp)) {
> + if (prev != tmp)
> + changed++;
You could do some sort of weak statistical test like
if (popcnt(prev ^ tmp) < BITS_PER_LONG / 3)
bad++;
if (bad > TOO_BAD)
WARN(...);
this should catch same value, increments you mentioned and possibly
other trivial classes of not-so-random values.
