random-util: remove RDRAND usage

/dev/urandom is seeded with RDRAND. Calling genuine_random_bytes(..., ..., 0) will use /dev/urandom as a last resort. Hence, we gain nothing here by having our own RDRAND wrapper, because /dev/urandom already is based on RDRAND output, even before /dev/urandom has fully initialized. Furthermore, RDRAND is not actually fast! And on each successive generation of new x86 CPUs, from both AMD and Intel, it just gets slower. This commit simplifies things by just using /dev/urandom in cases where we before might use RDRAND, since /dev/urandom will always have RDRAND mixed in as part of it. And above where I say "/dev/urandom", what I actually mean is GRND_INSECURE, which is the same thing but won't generate warnings in dmesg.
2026-04-14 00:14:32 +09:00 · 2022-03-06 22:15:44 -07:00
parent e28770e367
commit ffa047a03e
9 changed files with 29 additions and 227 deletions
--- a/docs/PORTING_TO_NEW_ARCHITECTURES.md
+++ b/docs/PORTING_TO_NEW_ARCHITECTURES.md
@@ -53,9 +53,6 @@ architecture.
   support booting into OS trees that have an empty root directory with only
   `/usr/` mounted in.

-7. If your architecture has a CPU opcode similar to x86' RDRAND consider adding
-   native support for it to `src/basic/random-util.c`'s `rdrand()` function.
-
-8. If your architecture supports VM virtualization and provides CPU opcodes
+7. If your architecture supports VM virtualization and provides CPU opcodes
   similar to x86' CPUID consider adding native support for detecting VMs this
   way to `src/basic/virt.c`.