Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
This community is designed for sharing of public information. Please do not share Intel or third-party confidential information here.
1058 Discussions

RDRAND instruction supported but DRNG not supported



I have a server running on Intel CoreT i3-4330TE Processor. OS is Centos 6.7. We are working on FIPS compliance for our product and wanted to use only /dev/random in our application code. But there is not enough entropy in the system.

cat /proc/sys/kernel/random/entropy_avail   : shows between 100 to 200.

I have verified that RDRAND instruction is supported :

1. rdrand is found in the flags in /proc/cupinfo  (please refer attachment)

2. Ran cpuid and verified that the bit 30 in ECX register is 1. (please refer attachment)

Installed rng-tools. But rngd -v does not list DRNG. Even I attempted running cat /dev/random | rngtest -c 1000 

The test just hangs.

I would like to know why DRNG is not listed when I run rngd -v and why entropy is so less on the system even though RDRAND instruction is supported.

Would appreciate any pointers to address the issue.

Have already gone through :

0 Kudos
1 Reply

​Passing along a comment from an internal (linux) developer:

Centos 6 is too old. RDRAND support was added with kernel 3.5.

They can write a simple user program that does rdrand/seed and feeds it into /dev/random using the RNDADDENTROPY ioctl  similar to