It seems like it's (ab)using the metastability[1] of the dual inverter circuit as the input source. Since metastable states can persist for arbitrary long periods (with asymptotic probability), the bias testing and reset mechanisms are needed.
I assume they're controlling the system to ensure that the thermal noise dominates, and that the de-bias feedback loop and signal conditioner can strip out any low frequency thermal changes (like, temperature forcing through heavily loading CPU).
There are some really neat attacks that use thermal system properties to leak or force information. A submission from a while back: http://news.ycombinator.com/item?id=2872274 struck me as particularly sneaky.
Is there a risk that, after running for a long time, the dual inverter circuit (hardware) could degrade into a "stuck" or severely biased state? At some point, the conditioner probably can't compensate. Is there a method for software to query the RdRand's "health"?
Yes, the instruction that returns random bits returns a flag indicating that the bits were successfully obtained. I guarantee you somebody somewhere is going to forget to check that flag.
Sounds like that is built into the RdRand instruction. From the article:
"We really like to sleep well at night, so we've built in additional circuitry that tests to make sure that the concentrating machinery is always working with bit streams that aren't too biased. If it detects a biased output, we tag it as unhealthy and refine it to meet our standards. This way, only healthy pairs of bit streams are combined."
Not unless the hardware fails. The conditioner is a simple, bulletproof feedback loop. (I think it can be done with two resistors, a transistor, and a capacitor, with one internal state: moving towards 0/1 balance.)
I assume they're controlling the system to ensure that the thermal noise dominates, and that the de-bias feedback loop and signal conditioner can strip out any low frequency thermal changes (like, temperature forcing through heavily loading CPU).
There are some really neat attacks that use thermal system properties to leak or force information. A submission from a while back: http://news.ycombinator.com/item?id=2872274 struck me as particularly sneaky.
[1] https://secure.wikimedia.org/wikipedia/en/wiki/Metastability...