Generating random numbers is essential to cryptography and providing a source of true randomness is an important feature for modern systems. The kernel provides a software implementation but this often lacks sufficient entropy at critical points (especially at boot), is not trusted by components such as OP-TEE and an equivalent rarely exists in the small RTOSes that power the IoT. An alternative is a hardware TRNG but what if you are working on a system without one?

This session is a case study describing our work to bring a hardware TRNG to Developerbox. This platform did not include a TRNG peripheral so we had to find an alternative. We wrote an OP-TEE static Trusted Application (TA) to collect entropy using thermal noise from the on-chip thermal sensors. The data we got required conditioning to eliminate bias but with simple conditioning we were able to generate sequences of numbers that pass suitable fitness tests. We will also look at how we optimized entropy collection using secure timer interrupt to avoid busy loops.