Skip to content

Revert "nrf_security: Enable NRF_RNG_ENTROPY_DRIVER for fake entropy" #25275

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 3, 2025
Merged

Revert "nrf_security: Enable NRF_RNG_ENTROPY_DRIVER for fake entropy" #25275

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d5abba3
Revert "nrf_security: Enable NRF_RNG_ENTROPY_DRIVER for fake entropy"
seko-nordic Oct 30, 2025
42a16e7
manifest: Update sdk-zephyr revision
seko-nordic Oct 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion subsys/nrf_security/src/drivers/zephyr/Kconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,6 @@ config PSA_NEED_NRF_RNG_ENTROPY_DRIVER
# Cannot select entropy-generator without creating a loop to ENTROPY_PSA_CRYPTO_RNG
depends on ENTROPY_GENERATOR
select PSA_ACCEL_GET_ENTROPY
depends on HAS_HW_NRF_RNG || FAKE_ENTROPY_NRF_PRNG
depends on HAS_HW_NRF_RNG
depends on (!PSA_USE_CC3XX_CTR_DRBG_DRIVER && !PSA_USE_CC3XX_HMAC_DRBG_DRIVER) && \
(PSA_USE_CTR_DRBG_DRIVER || PSA_USE_HMAC_DRBG_DRIVER)
20 changes: 5 additions & 15 deletions subsys/nrf_security/src/drivers/zephyr/nrf_rng_entropy.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,29 +17,19 @@
* It uses a "Zephyr entropy driver" and can therefore only be used in
* Zephyr images.
*
* This is used for two uses cases, the first use case is when hardware
* crypto/entropy is not yet supported. This enables running software crypto
* with a non cryptographically secure random generator to unblock development
* when the device tree node with the DT label 'prng' is enabled.
* Note that it is only the device driver with the DT label 'rng' that
* is supported and that this rng label is only applied for the Zephyr
* driver that uses the HW peripheral NRF_RNG (entropy_nrf5.c).
*
* The second use case is for instance nrf52820 which has an NRF_RNG
* An intended use-case is for instance nrf52820 which has an NRF_RNG
* peripheral, but does not have a HW crypto trng like cryptocell.
* In this use case the device driver with the DT label 'rng'
* is supported and this rng label is only applied for the Zephyr
* driver that uses the HW peripheral NRF_RNG (entropy_nrf5.c).
*
* Note that NRF_RNG produces TRNG, not CSPRNG.
*/
#ifdef CONFIG_FAKE_ENTROPY_NRF_PRNG
#define DTS_RNG_NODE_LABEL prng
#else
#define DTS_RNG_NODE_LABEL rng
#endif

psa_status_t nrf_rng_get_entropy(uint32_t flags, size_t *estimate_bits, uint8_t *output,
size_t output_size)
{
const struct device *dev = DEVICE_DT_GET(DT_NODELABEL(DTS_RNG_NODE_LABEL));
const struct device *dev = DEVICE_DT_GET(DT_NODELABEL(rng));
uint16_t request_len = MIN(UINT16_MAX, output_size);
int err;

Expand Down
2 changes: 1 addition & 1 deletion west.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ manifest:
# https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html
- name: zephyr
repo-path: sdk-zephyr
revision: 1b82b097aa67086d5a326049ebcb23510ddab77a
revision: c1c66b9cffad1fea2d0b9d4c028f33ebe438dc3f
import:
# In addition to the zephyr repository itself, NCS also
# imports the contents of zephyr/west.yml at the above
Expand Down
Loading