> Date: Sun, 4 Apr 2021 11:14:31 -0700 > From: John Nemeth <jnem...@cue.bc.ca> > > I understand the need for good random sources, and won't argue > it. My question is, how can we tell what random sources a system > actually has, i.e. is there some flag that cpuctl identify shows > when a system has RDRAND/RDSEED?
# cpuctl identify 0 | grep -e RDRAND -e RDSEED cpu0: features1 0x7fbae3bf<DEADLINE,AES,XSAVE,OSXSAVE,AVX,F16C,RDRAND> > Are there other sources that can > be positively identified as providing randomness? `rndctl -l' will tell you whether any sources you have on your system have provided any entropy. The system generally tries to read from HWRNGs as soon as possible at boot, so unless something is wrong you will see such sources listed next to nonzero bits of entropy in `rndctl -l' as soon as you can run that. You can grep the code for rnd_add_data and rnd_add_data_sync to find the drivers that pass nonzero values as the last argument, which is the number of bits of entropy in the process that generated the sample being fed in. Lots of SoCs have on-board RNGs these days; there are Intel and ARM CPU instructions (no ARMv8.5 hardware yet that I know of, but we're ready for its RNG!); some crypto decelerators like tpm(4), ubsec(4), and hifn(4) have RNGs; and there are some dedicated RNG devices like ualea(4).
