
Random numbers from CPU execution time jitter

Posted May 2, 2015 8:14 UTC (Sat) by jzbiciak (guest, #5246)
In reply to: Random numbers from CPU execution time jitter by alonz
Parent article: Random numbers from CPU execution time jitter

I agree. In the SoCs I've been involved with, the main source of indeterminism involves crossing asynchronous clock domains, where each clock domain is driven by a different crystal (or other independent oscillator). Otherwise, the SoC is pretty darn deterministic.

As Ted Ts'o says, just because you can't work it out, it doesn't mean I (or a sufficiently motivated attacker) can't work it out.

That even applies to caches with so-called random replacement policies. They're really pseudo-random, and in principle you can work out whatever state is in that PRNG eventually.

I've spent way too much skull sweat staring at waveforms and what not to think of cache behavior as truly random. Sure, it's unpredictable from the context of a given application running that doesn't know the full state of the machine. But, if you know the actual state of the cache and the sequence of requests coming from the application and so on, the whole memory hierarchy is pretty much deterministic.

(Now that said, it's quite common in the SoCs I've worked with that the external memory is driven by a distinct clock from the processor and memory hierarchy. That will affect the timing of cache misses to external memory by a couple of cycles here or there. So, there is indeterminism in that domain crossing. But, the entropy you should expect to extract from that should be very low.)


Random numbers from CPU execution time jitter

Posted May 4, 2015 12:21 UTC (Mon) by robbe (guest, #16131)

I find it a bit disheartening that the linked paper only tested one embedded CPU (MIPS) ... the rest were x86-compatible CPUs, which, with their looong pipelines, deep cache hierarchies, turbo-mode et cetera, are very prone to indeterminism.

So this serves the "my (virtual) x86 server needs entropy for HTTPS" case pretty well ... but embedded?


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds