Short summary
We can use Zephyr's Entropy API to access better random number generation.
Motivation and user story
By using hardware-based random number generation (rather than software RNG, which is based on a seed) we slightly increase our cybersecurity! We'll also silence a cmake warning or two, making the build system cleaner.
Here are the cmake warnings that we are interested in addressing:
CMake Warning at lib/zephyr-workspace/zephyr/subsys/random/CMakeLists.txt:12 (message):
Warning: CONFIG_TIMER_RANDOM_GENERATOR and CONFIG_TEST_CSPRNG_GENERATOR are
not truly random generators. This capability is not secure and it is
provided for testing purposes only. Use it carefully.
-- Using ccache: /opt/homebrew/bin/ccache
CMake Warning at lib/zephyr-workspace/zephyr/modules/mbedtls/CMakeLists.txt:11 (message):
No entropy device on the system, using fake entropy source!
Proposed implementation
This is likely to mostly be a Zephyr / kconfig task; there might not really be any code to write, depending on where / how entropy is currently used in our codebase.
Link to Zephyr Entropy Docs
Pico Entropy Docs
Priority
Low
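An added example, not taken from the issue or from the project's tree: a `prj.conf` fragment showing the Kconfig symbols named in the first warning beside settings that route Zephyr's random subsystem through an entropy driver. It assumes the board's devicetree enables an entropy device and sets the `zephyr,entropy` chosen node; without a driver these options cannot be selected and the warnings remain.

```kconfig
# prj.conf fragment (added example; assumes the board has an entropy driver)

# --- Before: the state the first CMake warning reports -----------------
# TEST_RANDOM_GENERATOR permits non-random sources, which allows the RNG
# choice to land on the timer-based generator.
# CONFIG_TEST_RANDOM_GENERATOR=y
# CONFIG_TIMER_RANDOM_GENERATOR=y
# CONFIG_TEST_CSPRNG_GENERATOR=y

# --- After: back the random subsystem with the entropy driver ----------
# Enable the entropy driver class. Assumption: the devicetree provides an
# enabled entropy device, so CONFIG_ENTROPY_HAS_DRIVER resolves to y.
CONFIG_ENTROPY_GENERATOR=y

# Do not allow the test-only generators as a fallback.
CONFIG_TEST_RANDOM_GENERATOR=n

# sys_rand_get() draws from the entropy driver.
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y

# sys_csrand_get() draws from the hardware entropy device.
CONFIG_HARDWARE_DEVICE_CS_GENERATOR=y
```

After a pristine rebuild, confirm the resolved values in `build/zephyr/.config` and check that both CMake warnings no longer appear in the configure output.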