A Meta engineer reported on the Linux kernel developer mailing list an issue with the RDSEED instruction in AMD processors based on the Zen 5 microarchitecture. In the tests conducted, the RDSEED instruction, which provides access to the hardware entropy generator, returned 0 with the successful-completion flag set (CF=1) in 10% of cases. Since 0 is also returned when a valid random number cannot be produced, and that condition is signalled by a different value of the completion flag (CF=0), it is assumed that AMD processors have a bug that causes the operation status to be determined incorrectly.
In the Linux kernel, the instruction is used as one of the entropy sources for the software pseudorandom number generator. Because there are multiple sources of entropy, the issue with RDSEED does not affect the overall quality of the random numbers generated by the kernel. A patch has been released for the kernel that disables the use of the RDSEED instruction on systems with certain AMD processors based on the Zen 5 microarchitecture.
The issue was initially identified in AMD EPYC Turin CPUs but was later reproduced on another AMD CPU model with the same microarchitecture. Therefore, instead of disabling it selectively, it was proposed to disable RDSEED on all AMD Zen 5 processors. The correct operation of RDSEED on various processors was being tested as part of the investigation of another RDSEED issue, which arose in Zen 2 Cyan Skillfish CPUs and, in some cases, resulted in only 0xffffffff being returned. Previously, AMD processors had issues with the RDRAND instruction not working properly after returning from sleep mode.
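To check a given machine for the behaviour described above, the following added example (not code from the mailing-list report or from the kernel patch) executes RDSEED repeatedly and counts results of 0 that arrive with CF=1. The function names, the 32-bit operand size and the sample count are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef __x86_64__
#include <cpuid.h>
#endif

/* One RDSEED result: returned value plus carry flag (CF=1 means success). */
struct seed_sample { uint32_t value; unsigned char cf; };
struct seed_stats { size_t ok, failed, zero_with_cf1; };
/* Count CF=0 failures and the reported pattern: value 0 with CF=1. */
struct seed_stats classify(const struct seed_sample *s, size_t n)
{
    struct seed_stats st = {0, 0, 0};
    for (size_t i = 0; i < n; i++) {
        if (!s[i].cf) { st.failed++; continue; }   /* no seed available, retry */
        st.ok++;
        if (s[i].value == 0) st.zero_with_cf1++;   /* success flag, zero value */
    }
    return st;
}

/* CPUID leaf 7, subleaf 0, EBX bit 18 advertises RDSEED. */
int have_rdseed(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0;
#ifdef __x86_64__
    __get_cpuid_count(7, 0, &a, &b, &c, &d);       /* leaves b = 0 if leaf 7 is absent */
#endif
    return (b >> 18) & 1;
}

/* Execute one 32-bit RDSEED; call only when have_rdseed() returned 1. */
struct seed_sample rdseed32(void)
{
    struct seed_sample s = {0, 0};
#ifdef __x86_64__
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(s.value), "=qm"(s.cf) : : "cc");
#endif
    return s;
}

int main(void)
{
    static struct seed_sample buf[100000];         /* sample count: example choice */
    size_t n = sizeof buf / sizeof buf[0];
    if (!have_rdseed()) { puts("RDSEED not advertised by CPUID"); return 0; }
    for (size_t i = 0; i < n; i++) buf[i] = rdseed32();
    struct seed_stats st = classify(buf, n);
    printf("ok=%zu failed=%zu zero_with_cf1=%zu\n", st.ok, st.failed, st.zero_with_cf1);
    return st.zero_with_cf1 != 0;                  /* a true 32-bit zero is ~1 in 2^32 */
}
```

A healthy generator should report `zero_with_cf1=0` for this sample size; CF=0 failures are normal under load and only mean the caller must retry.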
Source: opennet.ru
