diff --git a/hypervisor/arch/x86/security.c b/hypervisor/arch/x86/security.c
index 93d7ac1a9..1e84023b9 100644
--- a/hypervisor/arch/x86/security.c
+++ b/hypervisor/arch/x86/security.c
@@ -214,9 +214,22 @@ uint64_t get_random_value(void)
 #ifdef STACK_PROTECTOR
 void set_fs_base(void)
 {
+	int retry;
 	struct stack_canary *psc = &get_cpu_var(stk_canary);
 
-	psc->canary = get_random_value();
+	/*
+	 *  1) Leave initialized canary untouched when this function
+	 *     is called again such as on resuming from S3.
+	 *  2) Do some retries in case 'get_random_value()' returns 0.
+	 */
+	for (retry = 0; (retry < 5) && (psc->canary == 0UL); retry++) {
+		psc->canary = get_random_value();
+	}
+
+	if (psc->canary == 0UL) {
+		panic("Failed to setup stack protector!");
+	}
+
 	msr_write(MSR_IA32_FS_BASE, (uint64_t)psc);
 }
 #endif