diff --git a/subsys/nrf_security/src/drivers/zephyr/Kconfig b/subsys/nrf_security/src/drivers/zephyr/Kconfig index 1fa2433bd40e..3fd5e1285846 100644 --- a/subsys/nrf_security/src/drivers/zephyr/Kconfig +++ b/subsys/nrf_security/src/drivers/zephyr/Kconfig @@ -10,6 +10,6 @@ config PSA_NEED_NRF_RNG_ENTROPY_DRIVER # Cannot select entropy-generator without creating a loop to ENTROPY_PSA_CRYPTO_RNG depends on ENTROPY_GENERATOR select PSA_ACCEL_GET_ENTROPY - depends on HAS_HW_NRF_RNG + depends on HAS_HW_NRF_RNG || FAKE_ENTROPY_NRF_PRNG depends on (!PSA_USE_CC3XX_CTR_DRBG_DRIVER && !PSA_USE_CC3XX_HMAC_DRBG_DRIVER) && \ (PSA_USE_CTR_DRBG_DRIVER || PSA_USE_HMAC_DRBG_DRIVER) diff --git a/subsys/nrf_security/src/drivers/zephyr/nrf_rng_entropy.c b/subsys/nrf_security/src/drivers/zephyr/nrf_rng_entropy.c index 717c2a2a7dd9..ac3a972943f9 100644 --- a/subsys/nrf_security/src/drivers/zephyr/nrf_rng_entropy.c +++ b/subsys/nrf_security/src/drivers/zephyr/nrf_rng_entropy.c @@ -17,19 +17,29 @@ * It uses a "Zephyr entropy driver" and can therefore only be used in * Zephyr images. * - * Note that it is only the device driver with the DT label 'rng' that - * is supported and that this rng label is only applied for the Zephyr - * driver that uses the HW peripheral NRF_RNG (entropy_nrf5.c). + * This is used for two uses cases, the first use case is when hardware + * crypto/entropy is not yet suported. This enables running software crypto + * with a non cryptographically secure random generator to unblock development + * when the device tree node with the DT label 'prng' is enabled. * - * An intended use-case is for instance nrf52820 which has an NRF_RNG + * The second use case is for instance nrf52820 which has an NRF_RNG * peripheral, but does not have a HW crypto trng like cryptocell. + * In this use case the device driver with the DT label 'rng' + * is supported and this rng label is only applied for the Zephyr + * driver that uses the HW peripheral NRF_RNG (entropy_nrf5.c). * * Note that NRF_RNG produces TRNG, not CSPRNG. */ +#ifdef CONFIG_FAKE_ENTROPY_NRF_PRNG +#define DTS_RNG_NODE_LABEL prng +#else +#define DTS_RNG_NODE_LABEL rng +#endif + psa_status_t nrf_rng_get_entropy(uint32_t flags, size_t *estimate_bits, uint8_t *output, size_t output_size) { - const struct device *dev = DEVICE_DT_GET(DT_NODELABEL(rng)); + const struct device *dev = DEVICE_DT_GET(DT_NODELABEL(DTS_RNG_NODE_LABEL)); uint16_t request_len = MIN(UINT16_MAX, output_size); int err;