When Entropy Fails: The Hilarious (and Harmless) Zen 5 RNG Debacle

Xodice

Back in October, the tech world discovered that Zen 5’s RDSEED instruction was returning zeros while still setting the carry flag. In plain English, the chip said “here’s some random data” and handed you nothing. That sparked every kernel developer’s favorite pastime: writing commit messages with creative profanity.

By 2025, most operating systems already treated a CPU’s hardware RNG as one of many entropy sources. That’s the only reason this was funny instead of catastrophic. AMD’s newly published security bulletin AMD-SB-7055 confirms it. The 16 and 32 bit forms of RDSEED can return zero while reporting success. The 64 bit form is fine. AMD suggests masking the CPUID flag, using the 64 bit form, or treating zero as failure and retrying.

This backs up what I wrote earlier: the multi-layered entropy model saves the day. Linux, FreeBSD, and Windows already mix in jitter, I/O, and other noise. So even if your CPU serves you a zero, the pool still churns along happily. No mass key reuse, no Bitcoin lost, just another entry in the long list of “hardware RNG oopsies.”

What Actually Broke

On Zen 5, the shorter RDSEED variants started returning zero while setting the success flag. Software that trusted that flag slurped the zero straight into the entropy pool. AMD’s bulletin now explicitly confirms the issue and recommends workarounds until microcode updates land. BIOS updates with fixed AGESA are already rolling out for some boards.

The 64 bit variant still behaves correctly, which is why most modern kernels and libraries never noticed anything wrong. The bug is a perfect reminder that “trust but verify” isn’t just for politicians; it applies to your CPU too.

Fun fact: the 64 bit version was fine the whole time, like the CPU was saying, “Just use a bigger word, bro.”

How to Check Your System

  • Run grep rdseed /proc/cpuinfo to confirm the flag is present.
  • Use cpuid or rdseed test utilities to see if zero ever comes back on 16/32 bit calls.
  • Consider setting random.trust_cpu=off if you are paranoid or just enjoy kernel parameters.
  • Watch your board vendor for BIOS or microcode updates referenced in AMD-SB-7055.

Final Thought

AMD turned a funny rumor into an official document. The bug is real, the risk is trivial, and the jokes write themselves. Somewhere in an engineering lab, someone had to type “returns zero but indicates success” into a tracker ticket with a straight face. The magician’s hat was empty, and the audience applauded anyway.

Update (Oct 28, 2025): AMD-SB-7055 has been published confirming this behavior on Zen 5 processors. The advisory outlines workarounds, BIOS release targets, and mitigation guidance. It closes the loop on what was, in the end, a comedy of harmless zeros.

Leave a Reply

Your email address will not be published. Required fields are marked *