Hi TF-M and mbedtls community,
I am new to TF-M and have a few questions about CryptoCell and random number generation. Thank you in advance.
1. There seem to be two CryptoCell 312 implementations within TF-M: one under lib/ext/cryptocell-312-runtime and the other under platform/ext/accelerator/cc312/cc312-rom. What is the difference between these two?
2. lib/ext/cryptocell-312-runtime does not define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, whereas /ext/accelerator/cc312/cc312-rom does. Does that mean cryptocell-312-runtime is initiating RNG cryptodriver by using mbedtls_entropy_add_source, whereas cc312-rom is using mbedtls_psa_external_get_random (https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf46252fd188bba1d87333a8daa9a5e8/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_random.c#L132)? If so, may I ask why these two cryptocells take two different approaches? I read in one of the documents that mbedtls_psa_external_get_random is used when entropy is sufficient. So if entropy is sufficient, is it always preferred to have MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG defined and implement mbedtls_psa_external_get_random? What are the differences between the two approaches?
3. I also found that cryptocell-312-runtime defines the entry point function cc3xx_init_random (https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf46252fd188bba1d87333a8daa9a5e8/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_random.c#L52). But since the PSA random number entry point function is not complete, cc3xx_init_random is not being called anywhere, right?
4. I know the random number generation PSA entry point function is in development. May I ask when it is expected to be complete?
Thank you very much!
Best regards,
Hao
mbed-tls@lists.trustedfirmware.org