Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1093 Discussions

RDRAND instruction supported but DRNG not supported

SathyaShankar_K_
Beginner
‎08-08-2016 11:57 PM
661 Views

Hi,

I have a server running on Intel CoreT i3-4330TE Processor. OS is Centos 6.7. We are working on FIPS compliance for our product and wanted to use only /dev/random in our application code. But there is not enough entropy in the system.

cat /proc/sys/kernel/random/entropy_avail   : shows between 100 to 200.

I have verified that RDRAND instruction is supported :

1. rdrand is found in the flags in /proc/cupinfo  (please refer attachment)

2. Ran cpuid and verified that the bit 30 in ECX register is 1. (please refer attachment)

Installed rng-tools. But rngd -v does not list DRNG. Even I attempted running cat /dev/random | rngtest -c 1000 

The test just hangs.

I would like to know why DRNG is not listed when I run rngd -v and why entropy is so less on the system even though RDRAND instruction is supported.

Would appreciate any pointers to address the issue.

Have already gone through : https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide

cpuinfoAndcpuid.zip
0 Kudos

Link Copied

1 Reply
MarkC_Intel
Moderator
‎08-23-2016 08:09 AM
661 Views

​Passing along a comment from an internal (linux) developer:

Centos 6 is too old. RDRAND support was added with kernel 3.5.

They can write a simple user program that does rdrand/seed and feeds it into /dev/random using the RNDADDENTROPY ioctl  similar to http://halobates.de/pub/ak/smallsrc/rndfeed.c

 

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.