The source of randomness is Go's rand package, so the concrete details depend on the underlying system/environment, e.g.:
- Linux, FreeBSD: getrandom(2) if available, /dev/urandom otherwise
- OpenBSD: getentropy(2)
- Unix-like systems: /dev/urandom
- Windows: CryptGenRandom API
A version of the TSM built on a platform of Go and BoringCrypto running on Intel hardware is currently in the process of FIPS-140-3 certification. BoringCrypto is FIPS-140-2 certified, and on an Intel platform the DRBG uses RDRAND, which is also FIPS-140-2 certified.
Key generation in the TSM draws on the entropy sources described above at each MPC node. During key generation a node learns only its own share; the full key is never assembled and is never available anywhere.
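To make the two points above concrete, here is a small Go model added for this page (it is not the TSM's code): each node draws its share through Go's crypto/rand, which is backed by the OS sources listed above, and only a deliberately separate Reconstruct function ever combines shares, which is what a real deployment never does. The toy modulus, the Node type and additive sharing are assumptions made for the example.

```go
package main

import (
	"crypto/rand" // backed by the OS sources listed above (getrandom, getentropy, /dev/urandom, ...)
	"fmt"
	"math/big"
)

// order is the modulus of the toy additive sharing: an assumption for this
// example (2^255 - 19, prime); a real TSM uses the signature scheme's group order.
var order = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 255), big.NewInt(19))

// Node models one MPC node; the only key material it holds is its own Share.
type Node struct {
	ID    int
	Share *big.Int
}

// GenerateShare draws the node's share from the local OS entropy source and
// fails closed if that source is unavailable.
func (n *Node) GenerateShare() error {
	s, err := rand.Int(rand.Reader, order)
	if err != nil {
		return fmt.Errorf("node %d: entropy source unavailable: %w", n.ID, err)
	}
	n.Share = s
	return nil
}

// Reconstruct sums shares mod order. It shows what a deployment never does:
// all shares together give the secret; any strict subset is uniformly random.
func Reconstruct(shares []*big.Int) *big.Int {
	sum := new(big.Int)
	for _, s := range shares {
		sum.Add(sum, s)
	}
	return sum.Mod(sum, order)
}

func main() {
	nodes := []*Node{{ID: 0}, {ID: 1}, {ID: 2}}
	for _, n := range nodes {
		if err := n.GenerateShare(); err != nil {
			panic(err)
		}
		fmt.Printf("node %d holds only its own %d-bit share\n", n.ID, n.Share.BitLen())
	}
}
```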