Hi all,
Does anyone know if using software random generator seeded with TRNG to provide random delays for Fault Injection Hardening library is correct from PSA Level 3 certification point of view?
The basic idea is to :
1. Use TRNG to provide seed for software random generator on fih_delay_init. 2. Use software random generator to implement fih_delay_random. 3. Periodically reseed software random generator with data from TRNG (optional).
Thanks, Roman.
Hey Roman
Yes, that's a perfectly reasonable way to use it, provided that the software RNG has a proper entropy source, which in your case is a TRNG which is fine.
The reason we haven't implemented a default using this is that our only default entropy source for the software RNG is currently stored in ITS, and hence not usable in many cases (such as BL2).
Raef
________________________________________ From: TF-M tf-m-bounces@lists.trustedfirmware.org on behalf of Roman Mazurak via TF-M tf-m@lists.trustedfirmware.org Sent: 02 November 2021 11:48 To: tf-m@lists.trustedfirmware.org Subject: [TF-M] Using software random generator for FIH library
Hi all,
Does anyone know if using software random generator seeded with TRNG to provide random delays for Fault Injection Hardening library is correct from PSA Level 3 certification point of view?
The basic idea is to :
1. Use TRNG to provide seed for software random generator on fih_delay_init. 2. Use software random generator to implement fih_delay_random. 3. Periodically reseed software random generator with data from TRNG (optional).
Thanks, Roman.
tf-m@lists.trustedfirmware.org
-
Raef Coles -
Roman.Mazurak@infineon.com