LOW-RISC RANDOMNESS
The main reason that RNGs in CPUs like Intel’s are mistrusted is that they’re proprietary. Not only does this go against Linux’s open source philosophy, but it makes it much harder to be certain there’s no NSA-encoded back door.
Although we’ve talked at length about why this shouldn’t actually matter if you have a sufficient mix of entropy sources, the ultraparanoid have an alternative: the RISC-V instruction set is open source, meaning experts can fully verify the source code and hardware design of chips using it, making a backdoor much harder to hide.
The RISC-V True Random Number Generator (TRNG) is very advanced. Unlike other ISAs, it splits DRBGs into a separate privileged interface. It also only operates with a physical source of randomness, which is then ‘debiased’ to make it truly random using secure hashes. There are also safeguards to check the quality of random bits to make sure that the environment hasn’t been altered by bad actors to weaken entropy.
The full spec of the TRNG (available from https://eprint.iacr.org/2020/866.pdf) reveals that it’s designed to guarantee a simple, device-independent driver component, such as in the Linux kernel, embedded firmware or a cryptographic library.
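To show how small such a driver can be, here is an added example (not code from the spec, the Linux kernel or any RISC-V project) of a polling loop that collects 16-bit entropy words and fails closed when the hardware's quality checks trip. The status encoding is an assumption taken from the ratified RISC-V Zkr `seed` register rather than from this page, and `seed_read_fn`, `fake_read` and the sample reads are hypothetical stand-ins constructed so the loop runs without RISC-V hardware.

```c
#include <stddef.h>
#include <stdint.h>

/* OPST status, bits 31:30 of a `seed` CSR read (RISC-V Zkr extension). */
enum { OPST_BIST = 0, OPST_WAIT = 1, OPST_ES16 = 2, OPST_DEAD = 3 };
/* Hypothetical stand-in for the CSR access, so the loop runs off-target. */
typedef uint32_t (*seed_read_fn)(void *ctx);

/* Gather n 16-bit entropy words. Returns 0 on success, -1 if the source
 * reports DEAD (failed health tests), -2 if max_polls reads were not enough. */
int seed_collect(seed_read_fn rd, void *ctx, uint16_t *out, size_t n,
                 unsigned max_polls)
{
    size_t got = 0;
    int rc = 0;
    while (got < n && rc == 0) {
        if (max_polls-- == 0) { rc = -2; break; }
        uint32_t w = rd(ctx);
        switch (w >> 30) {
        case OPST_ES16: out[got++] = (uint16_t)(w & 0xFFFFu); break;
        case OPST_BIST:                 /* self-test running, no entropy yet */
        case OPST_WAIT: break;          /* pool not ready, poll again */
        default:        rc = -1; break; /* OPST_DEAD: fatal, stop using source */
        }
    }
    for (size_t i = 0; rc != 0 && i < n; i++)
        out[i] = 0;                     /* fail closed: discard partial output */
    return rc;
}

/* Constructed sample reads: BIST, WAIT, ES16, WAIT, ES16, then DEAD forever. */
static const uint32_t sample_reads[] = {
    0x00000000u, 0x40000000u, 0x8000BEEFu, 0x40000000u, 0x80001234u };
static uint16_t demo_out[3];

static uint32_t fake_read(void *ctx)
{
    size_t *pos = ctx;
    size_t len = sizeof sample_reads / sizeof sample_reads[0];
    return *pos < len ? sample_reads[(*pos)++] : 0xC0000000u;
}

/* Run the collector over the constructed reads into demo_out (n <= 3). */
int demo_collect(size_t n, unsigned max_polls)
{
    size_t pos = 0;
    return seed_collect(fake_read, &pos, demo_out, n, max_polls);
}

int main(void) { return demo_collect(2, 16); }
```

On real hardware the words returned here would seed a DRBG rather than being handed out directly as random numbers.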
If you feel like playing it safe, there’s more good news. There are 64-bit developer previews of Ubuntu Server already available for certain RISC-V boards (https://ubuntu.com/download/risc-v). Debian has had a RISC-V port for a while but version 13 will officially support the instruction set for the first time.