Generating random numbers is essential to cryptography, and providing a source of true randomness is an important feature for modern systems. The kernel provides a software implementation, but this often lacks sufficient entropy at critical points (especially at boot), is not trusted by components running in secure contexts such as Arm TrustZone, and an equivalent rarely exists in the small RTOSes that power the IoT. An alternative is a hardware true random number generator (TRNG), but what if you are working on a system without one?
This session is a case study describing our work to bring an OP-TEE port and a hardware TRNG to the 96Boards Developerbox. This platform does not include a TRNG peripheral, so we had to find an alternative. We wrote an OP-TEE static Trusted Application (TA) to collect entropy from the thermal noise of the on-chip thermal sensors. The data we got required conditioning to eliminate bias, but with simple conditioning we were able to generate sequences of numbers that pass suitable fitness tests. We will also look at how we optimized entropy collection using a secure timer interrupt to avoid busy loops.
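The pipeline the abstract sketches (noisy sensor reads, conditioning to remove bias, a fitness test) in a small added C example that is not the talk's TA code. The thermal sensor is simulated with a deliberately biased LCG, the conditioner is von Neumann debiasing and the fitness check is a monobit frequency test; all three are assumptions, since the abstract names neither the conditioning method nor the tests.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed stand-in for the on-chip thermal sensor (a real TA reads the
 * sensor's data register): an LCG whose LSB is about 75% ones, so bias shows. */
static uint32_t lcg_state = 0x2545F491u;
uint16_t read_thermal_sample(void)
{
    lcg_state = lcg_state * 1664525u + 1013904223u;
    uint16_t noise = (uint16_t)(((lcg_state >> 24) < 192u) ? 1u : 0u);
    return (uint16_t)(0x1A40u | noise);   /* steady reading, noisy LSB */
}
/* Von Neumann debiasing (assumed conditioner): non-overlapping pairs 01 -> 0,
 * 10 -> 1, 00 and 11 discarded; biased independent bits leave unbiased. */
size_t von_neumann(const uint8_t *in, size_t n, uint8_t *out)
{
    size_t k = 0;
    for (size_t i = 0; i + 1 < n; i += 2)
        if (in[i] != in[i + 1]) out[k++] = in[i];
    return k;
}
/* Monobit frequency check in the spirit of NIST SP 800-22: S = #ones - #zeros,
 * pass when |S| is within 3 standard deviations, i.e. S*S <= 9*n (no libm). */
int64_t monobit_sum(const uint8_t *bits, size_t n)
{
    int64_t s = 0;
    for (size_t i = 0; i < n; i++) s += bits[i] ? 1 : -1;
    return s;
}
int monobit_pass(const uint8_t *bits, size_t n)
{
    int64_t s = monobit_sum(bits, n);
    return n > 0 && (uint64_t)(s * s) <= 9ull * n;
}
/* Whole pipeline on n <= 4096 constructed samples: keep only each sample's LSB
 * (upper bits are predictable temperature, not entropy), condition, and report
 * the raw monobit sum, the conditioned bit count and the conditioned sum. */
int run_pipeline(size_t n, int64_t *raw_s, size_t *out_n, int64_t *cond_s)
{
    static uint8_t raw[4096], cond[2048];
    if (n > 4096) return -1;
    for (size_t i = 0; i < n; i++)
        raw[i] = (uint8_t)(read_thermal_sample() & 1u);
    *raw_s = monobit_sum(raw, n);
    *out_n = von_neumann(raw, n, cond);
    *cond_s = monobit_sum(cond, *out_n);
    return 0;
}
```

The raw LSB stream fails the monobit check badly while the conditioned stream is balanced, at the price of keeping only about three bits in eight; the conditioner changes nothing about how much entropy the sensor actually produces, which is why a fitness test on the raw stream is still worth running.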
