Platform: Use OTP as backing for NV seed
Change from a dummy implementation to loading the initial NV seed into
ITS from the OTP HAL. Enable by default on all platforms that have no
other entropy source. Tidy up cmake config related to entropy sources.
Tidy up mbedtls config changes. This will fall back to a dummy
implementation in library model, but will provide a runtime warning when
that happens.
Change-Id: Ica877a07dc08c1ed67d14cf37cc6b4a1f8479018
Signed-off-by: Raef Coles <raef.coles@arm.com>
diff --git a/config/config_default.cmake b/config/config_default.cmake
index 841e377..8db2455 100644
--- a/config/config_default.cmake
+++ b/config/config_default.cmake
@@ -108,6 +108,7 @@
set(CRYPTO_ASYM_ENCRYPT_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto asymmetric key encryption module")
set(CRYPTO_KEY_DERIVATION_MODULE_DISABLED FALSE CACHE BOOL "Disable PSA Crypto key derivation module")
set(CRYPTO_IOVEC_BUFFER_SIZE 5120 CACHE STRING "Default size of the internal scratch buffer used for PSA FF IOVec allocations")
+set(CRYPTO_NV_SEED ON CACHE BOOL "Use stored NV seed to provide entropy")
set(TFM_PARTITION_INITIAL_ATTESTATION ON CACHE BOOL "Enable Initial Attestation partition")
set(SYMMETRIC_INITIAL_ATTESTATION OFF CACHE BOOL "Use symmetric crypto for inital attestation")
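Review bot: The added `set(CRYPTO_NV_SEED ON CACHE BOOL ...)` line turns the option ON unconditionally in the shared defaults, while the commit message says it is enabled only on platforms that have no other entropy source. Platforms with a hardware entropy source would therefore need an override to OFF elsewhere, which is not visible in this hunk; please confirm those overrides are part of the change, or make the default conditional here. The help string "Use stored NV seed to provide entropy" could also mention that the seed is loaded from OTP and that library model falls back to a dummy implementation, since a dummy seed gives predictable entropy and the only signal described is a runtime warning. A build-time message for that fallback case would make it harder to miss.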