nrf_security: Enable NRF_RNG_ENTROPY_DRIVER for fake entropy

The NRF_RNG_ENTROPY_DRIVER provides entropy though the PSA APIs. This is used to seed/reseed the Oberon PSA random drivers (CTR_DRBG/HMAC_DRBG). Before this was only used to allow enabling this PSA driver with the devices which use the DT label 'rng'. We extend that now to allow this driver to be used with the fake entropy node which uses the DT label 'prng'. This is needed to unblock development until real RNG is enabled for all the needed applications/samples. In practice this means that when 'prng' is enabled a device can generate random numbers with the psa_generate_random call. Signed-off-by: Georgios Vasilakis <[email protected]>
nrfconnect · Feb 6, 2025 · 1612875 · 1612875
1 parent 6d8fc3b
commit 1612875
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/subsys/nrf_security/src/drivers/zephyr/Kconfig b/subsys/nrf_security/src/drivers/zephyr/Kconfig
@@ -10,6 +10,6 @@ config PSA_NEED_NRF_RNG_ENTROPY_DRIVER
 	# Cannot select entropy-generator without creating a loop to ENTROPY_PSA_CRYPTO_RNG
 	depends on ENTROPY_GENERATOR
 	select PSA_ACCEL_GET_ENTROPY
-	depends on HAS_HW_NRF_RNG
+	depends on HAS_HW_NRF_RNG || FAKE_ENTROPY_NRF_PRNG
 	depends on (!PSA_USE_CC3XX_CTR_DRBG_DRIVER && !PSA_USE_CC3XX_HMAC_DRBG_DRIVER) && \
 		   (PSA_USE_CTR_DRBG_DRIVER || PSA_USE_HMAC_DRBG_DRIVER)
diff --git a/subsys/nrf_security/src/drivers/zephyr/nrf_rng_entropy.c b/subsys/nrf_security/src/drivers/zephyr/nrf_rng_entropy.c
@@ -17,19 +17,29 @@
  * It uses a "Zephyr entropy driver" and can therefore only be used in
  * Zephyr images.
  *
- * Note that it is only the device driver with the DT label 'rng' that
- * is supported and that this rng label is only applied for the Zephyr
- * driver that uses the HW peripheral NRF_RNG (entropy_nrf5.c).
+ * This is used for two uses cases, the first use case is when hardware
+ * crypto/entropy is not yet suported. This enables running software crypto
+ * with a non cryptographically secure random generator to unblock development
+ * when the device tree node with the DT label 'prng' is enabled.
  *
- * An intended use-case is for instance nrf52820 which has an NRF_RNG
+ * The second use case is for instance nrf52820 which has an NRF_RNG
  * peripheral, but does not have a HW crypto trng like cryptocell.
+ * In this use case the device driver with the DT label 'rng'
+ * is supported and this rng label is only applied for the Zephyr
+ * driver that uses the HW peripheral NRF_RNG (entropy_nrf5.c).
  *
  * Note that NRF_RNG produces TRNG, not CSPRNG.
  */
+#ifdef CONFIG_FAKE_ENTROPY_NRF_PRNG
+#define DTS_RNG_NODE_LABEL prng
+#else
+#define DTS_RNG_NODE_LABEL rng
+#endif
+
 psa_status_t nrf_rng_get_entropy(uint32_t flags, size_t *estimate_bits, uint8_t *output,
 				 size_t output_size)
 {
-	const struct device *dev = DEVICE_DT_GET(DT_NODELABEL(rng));
+	const struct device *dev = DEVICE_DT_GET(DT_NODELABEL(DTS_RNG_NODE_LABEL));
 	uint16_t request_len = MIN(UINT16_MAX, output_size);
 	int err;