It could be that the Linux kernel random number generator has been backdoored on all the large cloud computing platforms. They could be even snooping the entropy pool in memory, as the system is operating? You don't know what's really going on in a virtualized environment? Also many BMCs have JTAG access to the CPU, what's the chance that they have implants in the BMCs, knowing how insecure they are?
https://www.asset-intertech.com/resources/blog/2017/12/micro...