The SOURCE for truly random numbers in the kernel is external hardware

My servers are perpetually entropy-starved simply by random web crawlers hitting its TLS-exposed services. A full entropy pool is typically depleted within a few seconds, even under low-load situations.

Meanwhile, I won't be using the RNG output of the STM32 directly; it will be mixed and mangled before being passed to the host -- and since Linux will mix it with its other entropy sources, it's considerably less likely to be a problem.

Besides, let's be honest here, if you distrust commercial RNGs, wouldn't any random pre-packaged RNG design be equally suspect? Just because the design/code is open source doesn't mean there's not a weakness in it that only the NSAs in the world are capable of recognizing. And besides, even assuming noble intentions, designing a good RNG is *hard*; I'm actually more likely to introduce weaknesses (as opposed to improvements) with my meddling.