Crypto: Highlight unsafe NULL entropy more explicitly The MBEDTLS_TEST_NULL_ENTROPY is only to used for test purposes and production platforms must use a hardware entropy source for stronger cryptographic security. Although there is a build warning message from MbedCrypto regarding this, this patch makes this more explicit by adding a runtime message and clarifying the integration guide. Signed-off-by: Soby Mathew <soby.mathew@arm.com> Change-Id: I773a3c509dafdd5ffcd46ae5227acbc84aa81129

commit: 803886d307057a945476aceaf009a98a26af0f51 [log] [tgz]
author: Soby Mathew <soby.mathew@arm.com> Mon Aug 10 12:18:03 2020 +0100
committer: Soby Mathew <soby.mathew@arm.com> Tue Sep 08 12:16:54 2020 +0100
tree: ae480c33ad850f252cbd49a2594024cfdd26abb9
parent: 7329d7e9991db8e0389b9d829c2411f428c2ffa1 [diff] [blame]
diff --git a/secure_fw/partitions/crypto/crypto_init.c b/secure_fw/partitions/crypto/crypto_init.c
index f706395..265fcfb 100644
--- a/secure_fw/partitions/crypto/crypto_init.c
+++ b/secure_fw/partitions/crypto/crypto_init.c

@@ -9,6 +9,7 @@
 
 #include "tfm_crypto_api.h"
 #include "tfm_crypto_defs.h"
+#include "log/tfm_log.h"
 
 /*
  * \brief This Mbed TLS include is needed to initialise the memory allocator
@@ -279,6 +280,11 @@
 
 static psa_status_t tfm_crypto_engine_init(void)
 {
+    /* Log unsafe entropy source */
+#if defined (MBEDTLS_TEST_NULL_ENTROPY)
+    LOG_MSG("\033[1;34m[Crypto] MBEDTLS_TEST_NULL_ENTROPY is not suitable for production!\033[0m\r\n");
+#endif
+
     /* Initialise the Mbed Crypto memory allocator to use static
      * memory allocation from the provided buffer instead of using
      * the heap
commit	803886d307057a945476aceaf009a98a26af0f51	[log] [tgz]
author	Soby Mathew <soby.mathew@arm.com>	Mon Aug 10 12:18:03 2020 +0100
committer	Soby Mathew <soby.mathew@arm.com>	Tue Sep 08 12:16:54 2020 +0100
tree	ae480c33ad850f252cbd49a2594024cfdd26abb9
parent	7329d7e9991db8e0389b9d829c2411f428c2ffa1 [diff] [blame]