'rngd' in RHEL does not detect hardware random number generators in Intel IvyBridge processors or later

Solution Unverified - Updated -

Environment

  • RHEL 5 rng-utils
  • RHEL 6 rng-tools

Issue

Modern Intel CPUs (Ivy Bridge and later) come with a hardware random number generates, as seen by rdrand in /proc/cpuinfo's flags. However, the rngd command Red Hat Enterprise Linux (RHEL) 5 and RHEL 6 do not detect or use it.

Is Red Hat planning to address this?

Resolution

1) In RHEL 5 /sbin/rngd is provided by the rng-utils package. Red Hat at not currently planning to provide support for hardware RNG for IvyBridge processors or later within rng-utils on RHEL 5.

2) Within RHEL 6, affected package rng-tools cannot use or detect Intel IvyBridge (or later) hardware random number generators at this time. The following Bugzilla has been created in order to track developments related to this for RHEL 6. Please note, this Bugzilla is internal to Red Hat but has been included here for reference:

https://bugzilla.redhat.com/show_bug.cgi?id=996913
rng-tools does not detect DRNG (rdrand) on modern Intel CPUs

For some additional context, please also review the following KBase article for specific information on which Intel CPUs are supported on RHEL releases:

https://access.redhat.com/site/articles/65442
Intel CPUs and Supported Red Hat Enterprise Linux (RHEL) Versions

Root Cause

RHEL 5 rng-utils and RHEL 6 rng-tools cannot use or detect Intel IvyBridge (or later) hardware random number generators currently.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments