Hi Gopi,

 

FN_NV_SEED_WR is supposed to be called the first time the entropy context is used to retrieve some entropy. This is tracked by the `initial_entropy_run` member in the `mbedtls_entropy_context` structure (on the initial run it is zero, non-zero otherwise).

 

FN_NV_SEED_WR not being called might mean that your “Entropy” variable hasn’t been properly initialised or that it has been used before the callbacks are set.

 

Please note that Mbed TLS 2.16.2 has known bugs and vulnerabilities. You should upgrade to the latest bug-fixing version of the 2.16 branch, 2.16.10.

 

Best regards,

Janos

(Mbed TLS developer)
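
Added example, not part of the original message and not Mbed TLS source: a simplified, self-contained C model of the first-run gate described above, showing that the custom write callback fires only when the context is initialised and the callbacks are set before first use. All `model_*`, `custom_*` and `default_*` names are hypothetical, and the model assumes the seed is read on every retrieval, matching the behaviour reported in this thread.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT Mbed TLS source: only the first-run gate is modelled. */
typedef int (*model_nv_fn)(unsigned char *buf, size_t len);
typedef struct { int initial_entropy_run; } model_entropy_context; /* 0 until first retrieval */
static int custom_rd_calls, custom_wr_calls, default_wr_calls;
static int default_rd(unsigned char *b, size_t n) { memset(b, 0, n); return (int) n; }
static int default_wr(unsigned char *b, size_t n) { (void) b; default_wr_calls++; return (int) n; }
static int custom_rd(unsigned char *b, size_t n) { memset(b, 0x5A, n); custom_rd_calls++; return (int) n; }
static int custom_wr(unsigned char *b, size_t n) { (void) b; custom_wr_calls++; return (int) n; }
static model_nv_fn nv_read = default_rd, nv_write = default_wr;
static void model_set_nv_seed(model_nv_fn rd, model_nv_fn wr) { nv_read = rd; nv_write = wr; }
static void model_entropy_init(model_entropy_context *ctx) { ctx->initial_entropy_run = 0; }

/* Assumption: every retrieval reads the seed; only the first one also writes a new seed. */
static int model_entropy_func(model_entropy_context *ctx, unsigned char *out, size_t len)
{
    unsigned char seed[64];
    if (nv_read(seed, sizeof seed) < 0) return -1;
    if (ctx->initial_entropy_run == 0) {
        ctx->initial_entropy_run = 1;
        if (nv_write(seed, sizeof seed) < 0) return -1;
    }
    memset(out, seed[0], len);   /* placeholder output, not real entropy */
    return 0;
}

enum scenario { INIT_THEN_SET, NO_INIT, USED_BEFORE_SET };

/* Returns how many times the custom write callback fired for a scenario. */
static int custom_writes_in(enum scenario s)
{
    model_entropy_context ctx;
    unsigned char out[16];
    custom_rd_calls = custom_wr_calls = default_wr_calls = 0;
    model_set_nv_seed(default_rd, default_wr);
    memset(&ctx, 0xA5, sizeof ctx);          /* constructed stand-in for stack garbage */
    if (s != NO_INIT) model_entropy_init(&ctx);
    if (s == USED_BEFORE_SET) model_entropy_func(&ctx, out, sizeof out);
    model_set_nv_seed(custom_rd, custom_wr);
    model_entropy_func(&ctx, out, sizeof out);
    return custom_wr_calls;
}

int main(void)
{
    printf("%d %d %d\n", custom_writes_in(INIT_THEN_SET),
           custom_writes_in(NO_INIT), custom_writes_in(USED_BEFORE_SET));
    return 0;
}
```

In the two failing scenarios the read callback still runs, which is the same symptom as in the original report: reads observed, writes never observed.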

 

From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Subramanian Gopi Krishnan via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Friday, 4 June 2021 at 05:50
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Cc: T V LIJIN (EXT) <lijin.tv@kone.com>
Subject: Re: [mbed-tls] NV_SEED read working and write not working

Hi,

 

I am working on an embedded platform that does not have any entropy source except system ticks. To improve the randomness, I am trying to utilize NV_SEED operations. Mbed TLS version 2.16.2 is being used.

 

In the configuration file I have enabled:

#define MBEDTLS_ENTROPY_NV_SEED
#define MBEDTLS_PLATFORM_NV_SEED_ALT

 

 

After initializing and before seeding the random number generator, I assign the NV seed read and write functions to the platform seeding functions as below.

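   /* Register the custom NV seed read/write callbacks */
   if( ( r = mbedtls_platform_set_nv_seed( FN_NV_SEED_RD, FN_NV_SEED_WR ) ) != 0 )
   {
      return( r );
   }

   /* Seed the CTR_DRBG from the entropy context, with a personalization string */
   if( ( r = mbedtls_ctr_drbg_seed( &CtrDrbg, mbedtls_entropy_func, &Entropy,
                                    (const unsigned char *) u8SeedingString, (size_t) Length ) ) != 0 )
   {
      return( r );
   }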

 

Later come the functions to generate random numbers and free the context.

 

While running, I could see that only the FN_NV_SEED_RD function is getting called, and the FN_NV_SEED_WR function is not getting called. I tried to add some print statements in the mbedtls library function mbedtls_entropy_update_nv_seed().

But it looks like this function was never called by the library.

  1. Is there anything else to be done?
  2. Could someone help me ensure NV_SEED is properly incorporated?
  3. How can I trace the issue?

 

 

Thanks,

Gopi Krishnan