Systemd Will Now Use RdRand Directly If The Kernel Can't Deliver Entropy

Written by Michael Larabel in systemd on 26 August 2018 at 05:58 AM EDT. 24 Comments
Systemd will now resort to using Intel's RdRand hardware random number generator directly if the Linux kernel is unable to provide the init system with sufficient entropy.

This systemd change stems from the Linux boot process getting stuck when there is not enough entropy, a consequence of the kernel change that addressed CVE-2018-1108, where early-boot processes could otherwise receive weak random seed data. With this random-util change, systemd will use RdRand directly if the kernel can't provide any randomness, rather than blocking and stalling the boot.

In this context systemd relies on the random number generator only for seeding hash tables, so the output doesn't need to be particularly high quality. But with many not trusting hardware random number generators, this support can be disabled by changing systemd's high_quality_required option to false; under that condition the kernel is the only source of entropy.
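The fallback described above, as an added example in C that is not systemd's own code: acquire_random_bytes() asks the kernel with getrandom(GRND_NONBLOCK) and only when that reports EAGAIN (pool not yet initialised) and the caller has allowed it does it read RDRAND, checking CPUID first and retrying on a clear carry flag. The function and parameter names, and the 10-try retry limit, are assumptions of this example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* Which source served the request; returned by acquire_random_bytes(). */
enum rand_source { RAND_KERNEL = 1, RAND_RDRAND = 2 };
#if defined(__x86_64__)
#include <cpuid.h>
#include <immintrin.h>
/* Fill p from RDRAND, retrying a step when the carry flag reports no value
 * (Intel's documented guidance). Returns 0 or a negative errno. */
__attribute__((target("rdrnd")))
static int rdrand_fill(uint8_t *p, size_t n) {
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d) || !(c & bit_RDRND))
        return -EOPNOTSUPP;                 /* CPUID.1:ECX bit 30 clear */
    while (n > 0) {
        unsigned long long v; int ok = 0;
        for (int tries = 0; tries < 10 && !ok; tries++)   /* assumed limit */
            ok = _rdrand64_step(&v);
        if (!ok) return -EIO;               /* hardware RNG not delivering */
        size_t k = n < sizeof v ? n : sizeof v;
        memcpy(p, &v, k);
        p += k; n -= k;
    }
    return 0;
}
#else
static int rdrand_fill(uint8_t *p, size_t n) { (void)p; (void)n; return -EOPNOTSUPP; }
#endif

/* Ask the kernel without blocking. If it reports an uninitialised pool
 * (EAGAIN) and the caller allows it, use RDRAND instead of stalling;
 * otherwise fail. Returns the source used (> 0) or a negative errno. */
int acquire_random_bytes(void *buf, size_t n, bool allow_rdrand_fallback) {
    uint8_t *p = buf; size_t done = 0;
    while (done < n) {
        ssize_t r = getrandom(p + done, n - done, GRND_NONBLOCK);
        if (r >= 0) { done += (size_t)r; continue; }
        if (errno == EINTR) continue;
        if (errno == EAGAIN && allow_rdrand_fallback) {
            int e = rdrand_fill(p + done, n - done);
            return e < 0 ? e : RAND_RDRAND;
        }
        return -errno;                      /* includes EAGAIN when disallowed */
    }
    return RAND_KERNEL;
}
```

On a booted system the kernel path always wins; the RDRAND branch is only reached when the kernel pool is still uninitialised, which is exactly the early-boot situation the article describes.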

RdRand has been supported by Intel CPUs since Ivy Bridge, while RDSEED has been available since Broadwell. On the AMD side, RdRand first appeared with the Excavator cores, while Zen also brings the RDSEED instruction.

This systemd RdRand tapping will be part of the upcoming systemd 240 release.