Psa entropy

[febdoctor]

Description

The PSA Crypto Driver Interface describes entry points for collecting entropy from drivers. Currently, MbedTLS does not have any kind of support for those PSA driver entry points. This is a very simple solution to get the ball rolling and that can be extended and improved later on.

It integrates into the existing Mbed TLS entropy collection infrastructure. The integration takes into account the reported amount of entropy from the driver entry point.

Status

IN DEVELOPMENT

Currently, the template "psa_crypto_driver_wrappers.c.jinja" does not fill in any driver entry points. This could be added after PR #5396 has been merged.

Requires Backporting

New feature. No backporting needed.

Migrations

No API migration.

Todos

For those 3 TODO items, how would they apply here? How could they be done?

• [ ] Tests
• [ ] Documentation
• [ ] Changelog updated

[gilles-peskine-arm]

Labelling “approved for design” for the library's internal design. We'll still need to agree on testing. Regarding testing, we can introduce the feature as experimental and insufficiently tested, and add more tests in follow-up pull requests over the following weeks/months.

[daverodgman]

Update from @febdoctor - some work on his side still remains to update the tests. Currently stalled due to other priorities - but planning to resume this at some point.

[tom-daubney-arm]

We are now converting older PRs to draft PRs where the following conditions are met: They have not been updated in the last 3 months, and they need more than non-trivial work to complete.