Random numbers with sys_rand32_get() on non-secure side and TF-M

[mkaranki]

I have b_u585i_iot02a STM32U585 board. I am experimenting to build a networking application with TF-M FW included.

The configuration:

• I need NETWORKING
• NETWORKING is selecting ENTROPY_GENERATOR
• ENTROPY_STM32_RNG is selected by default (dependencies ENTROPY_GENERATOR and DT_HAS_ST_STM32_RNG_ENABLED)

For the TF-M, my setup has TFM_CRYPTO_RNG_MODULE_ENABLED set. So, effectively both non-trusted application and TF-M are using MCU's TRNG peripheral. To the questions: should this setup work?

It is not. sys_rand32_get() is blocking infinitely on non-secure side with this configuration. There are indeed many places in network subsystem that are using it.

If I:

• deselect TFM_CRYPTO_RNG_MODULE_ENABLED, or
• deselect ENTROPY_STM32_RNG and set e.g. TIMER_RANDOM_GENERATOR

Then sys_rand32_get() works fine.

If it is so that the TRNG can't be used from both non-secure and secure execution environments, then I'd assume it is at least ok to fall back using pseudo random numbers as the sys_rand*_get API is not meant to be used to create cryptographically safe random numbers.

If so, maybe the Zephyr's Kconfig could be tuned to not to suggest by default or not even allow the configuration where the TRNG usege is enabled from both execution environments. Maybe by adding ENTROPY_STM32_RNG to depend on TFM_CRYPTO_RNG_MODULE_ENABLED=n?

[mkaranki]

Edit: actually deselecting TFM_CRYPTO_RNG_MODULE_ENABLED is not enough. ENTROPY_STM32_RNG + sys_rand32_get() is not working on non secure side that one deselected.