AMD RDRAND bug

BenStigsen

I'm getting this bug: https://arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/

Where each time on the bootscreen, it gives me an error message about the random numbers. I ran the script in the article, and every single time it returns the "random" numbers: 0xFFFFFF. As far as I understand, this might be related to amd64-microcode, but I'm not able to install this on Solus OS? Does anyone have any solutions for this?

Harvey

brent I guess I'm saying that you are saying there's still a dangerous amd microcode vulnerability still unpatched in the wild after being known about for 3 years?

No. There was an issue and it has been fixed for ages. I have a Ryzen 3900X.

BenStigsen Does anyone have any solutions for this?

To quote the article linked

If you're a Linux user, you can download rdrand-test.zip, unzip it, and run it directly in the folder that you unzipped it in. ./amd-rdrandbug will tell you in plain English whether you have this specific bug

Does the ./amd-rdrandbug say you have the issue? Mine does not.

Your RDRAND() does not have the AMD bug.

If yours does, you need to update your BIOS. As the article says:

As AMD's representatives told reporters back in July, the real fix comes from applying BIOS updates to your motherboard.

brent

*this is the dateline of your ars technica article: JIM SALTER - 10/29/2019, 4:00 AM
*this is the date of the last comment: MAR 13, 2020 9:49 AM.
*Author has [UPDATED] after the title, and his update is undated...but it starts "soon after my story asrock offered me....."
*Apparently you download the amd tester"If you're a Linux user, you can download rdrand-test.zip," and ran it because you said you did.
*the entire article was about the ryzen 3000

I guess I'm saying that you are saying there's still a dangerous amd microcode vulnerability still unpatched in the wild after being known about for 3 years? And you have it?
Doesn't seem likely but I know some things don't get patched for years. I wonder what the dealio is about the ryzen 3000?
As an intel user I'm not inclined to investigate beyond this. Maybe someone can confirm or deny.

brent

Harvey I knew someone would have the 4-1-1 about the 3000 series. Thanks for clarifying. 3 yrs seemed a little excessive to me.

BenStigsen

Yeah, I was hoping that it wasn't a BIOS thing, because updating BIOS seems daunting. But I just did it and it was surprisingly simple. The bug is not there anymore.