Hello,
we have a working system on the nrf9161 that works without zephyr. We have our own secure firmware that successfully uses the cc310 after we start the actual application. It uses TLS and everything – but for my current problem I cannot use that integration.
I am currently working on the bootloader, which is an independent firmware that (upon other tasks) has MCUboot implemented and checks firmware signatures. Since we do not have access to the mbetls-crypto library at this point, we cannot access the cryptocell. As suggested, we are using the tinycrypt replacement provided by nordic for this purpose explicitly. This works all well and we have been using this setup for years.
My problem is, that for a new requirement I will be needing a few bytes of entropy inside the bootloader for cryptographic operations (so I need true random numbers). This is hard to generate on an embedded device, but we do have the cc310 on the device for that purpose. The problem is: I cannot access the cc310 without bringing multiple blackbox a-files into the project (the libnrf_cc310_*.a mentioned in the title). I do not want to pull those into this critical component. But even if I wanted to, I would run into problems. I tried to include the libs into the firmware to see how much the firmware would grow in size and if I would be able to fit it in. But since we are using the tinycrypt mbedtls replacement, I get a load of linker errors if I try that (duplicate function definitions).
All this hassle feels overkill anyways to produce just a few bytes of entropy. Is there any way to use the trng of the cc310 without all this? Or is there any other way to generate truly random entropy with the nrf9161 that eludes me? The fewer dependencies I draw into this, the better. I am not afraid to access registers directly, but there is no description of any API for the trng.
Thanks,
Peer