On Sun, Apr 04, 2021 at 11:14:31AM -0700, John Nemeth wrote:
> I understand the need for good random sources, and won't argue
> it. My question is, how can we tell what random sources a system
> actually has, i.e. is there some flag that cpuctl identify shows
> when a system has RDRAND/RDSEED? Are there other sources that can
> be positively identified as providing randomness?
I am not sure I understand the question correctly. rndctl will show the
entropy available from the source. For cpu internal random sources, on x86
cpuctl identify shows them:

# cpuctl identify 0 | fgrep RDRAND
cpu0: features1 0x7ffafbff<F16C,RDRAND>
# cpuctl identify 0 | fgrep RDSEED
cpu0: features5 0x29c6fbf<INVPCID,RTM,FPUCSDS,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT>

# rndctl -l
Source                 Bits Type      Flags
[..]
system-power              0 power     estimate, collect, v, t, dt
autoconf                  0 ???       estimate, collect, t
seed                    256 ???       estimate, collect, v
rdrand/rdseed           512 rng       estimate, collect, v

or on a system with another cpu:

# rndctl -l
Source                 Bits Type      Flags
[..]
ualea0                  512 rng       estimate, collect, v
[..]
system-power              0 power     estimate, collect, v, t, dt
autoconf                  0 ???       estimate, collect, t
seed                    256 ???       estimate, collect, v

and yet another with no trusted source, but properly seeded (also an old
and non-x86 system):

# rndctl -l
Source                 Bits Type      Flags
/dev/random               0 ???       estimate, collect, v
ucom7                     0 tty       estimate, collect, v, t, dt
ucom6                     0 tty       estimate, collect, v, t, dt
ucom5                     0 tty       estimate, collect, v, t, dt
ucom4                     0 tty       estimate, collect, v, t, dt
ucom3                     0 tty       estimate, collect, v, t, dt
ucom2                     0 tty       estimate, collect, v, t, dt
ucom1                     0 tty       estimate, collect, v, t, dt
ucom0                     0 tty       estimate, collect, v, t, dt
sd1                       0 disk      estimate, collect, v, t, dt
sd0                       0 disk      estimate, collect, v, t, dt
cpu0                      0 vm        estimate, collect, v, t, dv
hardclock                 0 skew      estimate, collect, t
mvgbe0                    0 net       estimate, v, t, dt
system-power              0 power     estimate, collect, v, t, dt
autoconf                  0 ???       estimate, collect, t
seed                    256 ???       estimate, collect, v

Martin
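The checks Martin runs by hand above (grep cpuctl identify for RDRAND/RDSEED, then read the Bits and Type columns of rndctl -l) can be scripted so a host classifies itself. The following is an added example written for this page, not code from the thread or from NetBSD; the function names are its own, and the sample outputs it embeds are constructed input copied (the third one abridged) from the listings in the message so the script runs without the real tools. On a NetBSD host you would feed the live output instead, e.g. `cpuctl identify 0 | cpu_rng_features` and `rndctl -l | has_hw_rng`.

```shell
#!/bin/sh
# Added example (not from the thread): classify a NetBSD host's entropy
# situation from the text that `cpuctl identify` and `rndctl -l` print.
# Every function reads that text on stdin.  The samples below are
# constructed input copied from the messages above so the script runs
# offline; the function names are this example's own.

# Print the CPU RNG instructions advertised (RDRAND, RDSEED), one per line.
# cpuctl prints feature words as:  cpu0: features1 0x...<F16C,RDRAND>
cpu_rng_features() {
    tr '<>,' '\n\n\n' | grep -E '^(RDRAND|RDSEED)$' | sort -u
}

# Print "name bits type" for every rndctl source credited with entropy
# (Bits > 0), skipping the header line and any "[..]" elision lines.
credited_sources() {
    awk 'NR > 1 && $2 + 0 > 0 { print $1, $2, $3 }'
}

# Exit 0 if some credited source has Type "rng" (a hardware RNG such as
# rdrand/rdseed or ualea0), 1 otherwise.  A credited "seed" line on its own
# means the pool was seeded from the saved seed file, not from a live source.
has_hw_rng() {
    credited_sources | awk '$3 == "rng" { found = 1 } END { exit !found }'
}

# One-line verdict for an `rndctl -l` listing read on stdin.
verdict() {
    listing=$(cat)
    if printf '%s\n' "$listing" | has_hw_rng; then
        rngs=$(printf '%s\n' "$listing" | credited_sources | awk '$3 == "rng" { print $1 }' | paste -sd ' ' -)
        echo "hardware RNG credited: $rngs"
    else
        names=$(printf '%s\n' "$listing" | credited_sources | awk '{ print $1 }' | paste -sd ' ' -)
        echo "no hardware RNG credited; credited sources: $names"
    fi
}

# --- constructed samples, copied from the thread's listings ---------------

CPUCTL_X86='cpu0: features1 0x7ffafbff<F16C,RDRAND>
cpu0: features5 0x29c6fbf<INVPCID,RTM,FPUCSDS,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT>'

RNDCTL_X86='Source                 Bits Type      Flags
[..]
system-power              0 power     estimate, collect, v, t, dt
autoconf                  0 ???       estimate, collect, t
seed                    256 ???       estimate, collect, v
rdrand/rdseed           512 rng       estimate, collect, v'

RNDCTL_UALEA='Source                 Bits Type      Flags
[..]
ualea0                  512 rng       estimate, collect, v
[..]
system-power              0 power     estimate, collect, v, t, dt
autoconf                  0 ???       estimate, collect, t
seed                    256 ???       estimate, collect, v'

# Abridged: the ucom1..ucom7 and sd1 lines of the original are omitted.
RNDCTL_OLD='Source                 Bits Type      Flags
/dev/random               0 ???       estimate, collect, v
ucom0                     0 tty       estimate, collect, v, t, dt
sd0                       0 disk      estimate, collect, v, t, dt
cpu0                      0 vm        estimate, collect, v, t, dv
hardclock                 0 skew      estimate, collect, t
mvgbe0                    0 net       estimate, v, t, dt
system-power              0 power     estimate, collect, v, t, dt
autoconf                  0 ???       estimate, collect, t
seed                    256 ???       estimate, collect, v'

# Run the checks over the samples.
printf '%s\n' "$CPUCTL_X86" | cpu_rng_features
for sample in "$RNDCTL_X86" "$RNDCTL_UALEA" "$RNDCTL_OLD"; do
    printf '%s\n' "$sample" | verdict
done
```

The point of the Type column test is that a large Bits value alone does not tell you where the entropy came from: the old non-x86 host above is credited with 256 bits, but only from the seed file, so it has no source that will keep contributing after boot.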