architecture: porting_guidelines: Expand section about RNG

For vendors porting their RNG drivers to OP-TEE, it is important that hw_get_random_bytes() should be implemented to support getting multiple bytes of entropy at a time. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Donald Chan <hoiho@amazon.com>
OP-TEE · Jul 25, 2022 · 1f59fae · 1f59fae
1 parent a4c5aac
commit 1f59fae
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/architecture/porting_guidelines.rst b/architecture/porting_guidelines.rst
@@ -329,11 +329,17 @@ different depending on what kind of crypto IP you have, we have not written
 how that should be done. It might be that we do that in the future when get hold
 of a device where we can use the crypto block.
 
+Random Number Generator
+***********************
 By default OP-TEE is configured with a software PRNG. The entropy is added to
 software PRNG at various places, but unfortunately it is still quite easy to
 predict the data added as entropy. As a consequence, unless the RNG is based on
 hardware the generated random will be quite weak.
 
+If your platform has a hardware entropy source, you should set
+``CFG_WITH_SOFTWARE_PRNG`` to ``n``, and provide an implementation for
+``hw_get_random_bytes()``, which returns multiple bytes of entropy.
+
 Power Management / PSCI
 ***********************
 In the :ref:`add_a_new_platform` section where we talked about the file