I meet a problem when I call function `psa_crypto_init`, it return error code -148 that was PSA_ERROR_INSUFFICIENT_ENTROPY. I track this function step by step and found it caused by MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED. Code in entropy.c, if( ctx->source_count == 0 ), return this error. My question: I run code on Ubuntu, it runs well. But in some arm board, it returns this error. Why this count will be 0 sometimes? What is the root cause of this error.
Hello,
Calling psa_crypto_init() initializes the random generator. This fails if no entropy sources are configured.
If your board has a hardware random generator, you need to enable the compilation option MBEDTLS_ENTROPY_HARDWARE_ALT and implement the function mbedtls_hardware_poll().
If your board does not have a hardware random generator, you need to enable the seed file. To do that, to enable the compilation option MBEDTLS_ENTROPY_NV_SEED, and if necessary implement the seed file functions. See https://mbed-tls.readthedocs.io/en/latest/kb/how-to/how_to_integrate_nv_seed... for more details. Then, when you provision each board, you need to inject an initial seed file. The initial seed file must be generated on a trusted device, must be fully random, and must be confidential.
Best regards,
mbed-tls@lists.trustedfirmware.org
-
Gilles Peskine -
韩轾