@markm Can you please specifically address the comment @jmg posted on this review (and it's ancestor)?

Add secteam instead of just me.

Address feedback from bjk.

Adding cperciva and jmg who may be able to help provide some opinions about how they think this should go.

Okay, based on that, looks good to me.

Would it be better off to just not do checksumming for this and use the source as is?

In D13925#292062, @cem wrote:

In D13925#292058, @badfilemagic_gmail.com wrote:

Conrad, thanks for the details. I also looked at the code in the other review and it looks good. I’d expect whitened output from the ctr-aes drbg to measure ~6.5 bits when put through the sp800-90b tool. That’s roughly what you get out of 1000000 samples from RDRND on Intel.

FWIW, these processors also have RDRAND. I don't know if the RDRAND implementation is related to the CCP device TRNG or not.

I obtained some sample output from the CTR-AES DRBG via kgdb and /dev/mem:

This is fine (obviously missing the actual implementation). Adding Dean to the reviewers, he has history in doing assessments of HW TRNG and might be a good collaborator to look at the quality of the bits coming from ccp(4).

Looks okay to me but I'm probably not the best person to judge. If anyone else would like to weigh in. Feel free.

Can you please review?

In D13392#279901, @gjb wrote:

In D13392#279884, @remko wrote:

shouldn't we try to renumber the rel0.current/rel1.current stuff ? I forgot how we did that in the past though so I can be mistaken :)

Generally, yes, but it tends to be a bit more complicated than what Gordon has proposed here.

Accommodate r51259.

I should have added secteam as well. Sorry about that.

Adding doceng

In D12405#279438, @emaste wrote:

Is this ready to commit now?