# Random configuration options

# Copyright (c) 2017 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

menu "Random Number Generators"

config TEST_RANDOM_GENERATOR
	bool "Non-random number generator"
	depends on !ENTROPY_HAS_DRIVER
	help
	  This option signifies that the kernel's random number APIs are
	  permitted to return values that are not truly random.
	  This capability is provided for testing purposes, when a truly random
	  number generator is not available. The non-random number generator
	  should not be used in a production environment.

choice RNG_GENERATOR_CHOICE
	prompt "Random generator"
	default ENTROPY_DEVICE_RANDOM_GENERATOR
	depends on ENTROPY_HAS_DRIVER || TEST_RANDOM_GENERATOR
	help
	  Platform dependent non-cryptographically secure random number support.

	  If the entropy support of the platform has sufficient performance
	  to support random request then select that. Otherwise, select the
	  XOSHIRO algorithm.

config TIMER_RANDOM_GENERATOR
	bool "System timer clock based number generator"
	depends on TEST_RANDOM_GENERATOR
	help
	  This option enables a number generator based on the system timer
	  clock. This number generator is not random and is used for
	  testing only.

config ENTROPY_DEVICE_RANDOM_GENERATOR
	bool "Use entropy driver to generate random numbers"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables a random number generator that uses the enabled hardware
	  entropy gathering driver to generate random numbers. Should only be
	  selected if hardware entropy driver is designed to be a random
	  number generator source.

config XOROSHIRO_RANDOM_GENERATOR
	bool "Use Xoroshiro128+ as PRNG (DEPRECATED)"
	help
	  This is deprecated, please use XOSHIRO_RANDOM_GENERATOR instead.

config XOSHIRO_RANDOM_GENERATOR
	bool "Use Xoshiro128++ as PRNG"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables the Xoshiro128++ pseudo-random number generator, that uses
	  the entropy driver as a seed source. This is a fast general-purpose
	  non-cryptographically secure random number generator.

endchoice # RNG_GENERATOR_CHOICE

#
# Implied dependency on a cryptographically secure entropy source when
# enabling CS generators. ENTROPY_HAS_DRIVER is the flag indicating the
# CS entropy source.
#
config CSPRING_ENABLED
#	bool "Cryptographically secure RNG functions enabled"
	bool
	default y
	depends on ENTROPY_HAS_DRIVER

choice CSPRNG_GENERATOR_CHOICE
	prompt "Cryptographically secure random generator"
	default HARDWARE_DEVICE_CS_GENERATOR
	help
	  Platform dependent cryptographically secure random number support.

	  If the hardware entropy support of the platform has sufficient
	  performance to support CSRNG then select that. Otherwise, select
	  CTR-DRBG CSPRNG as that is a FIPS140-2 recommended CSPRNG.

config HARDWARE_DEVICE_CS_GENERATOR
	bool "Use hardware random driver for CS random numbers"
	depends on ENTROPY_HAS_DRIVER
	help
	  Enables a cryptographically secure random number generator that
	  uses the enabled hardware random number driver to generate
	  random numbers.

config CTR_DRBG_CSPRNG_GENERATOR
	bool "Use CTR-DRBG CSPRNG"
	depends on MBEDTLS || TINYCRYPT
	depends on ENTROPY_HAS_DRIVER
	select TINYCRYPT_CTR_PRNG if TINYCRYPT
	select TINYCRYPT_AES if TINYCRYPT
	help
	  Enables the CTR-DRBG pseudo-random number generator. This CSPRNG
	  shall use the entropy API for an initialization seed. The CTR-DRBG
	  is a FIPS140-2 recommended cryptographically secure random number
	  generator.

endchoice # CSPRNG_GENERATOR_CHOICE

config CS_CTR_DRBG_PERSONALIZATION
	string "CTR-DRBG Personalization string"
	default "zephyr ctr-drbg seed"
	depends on CTR_DRBG_CSPRNG_GENERATOR
	help
	  Personalization data can be provided in addition to the entropy
	  source to make the initialization of the CTR-DRBG as unique as
	  possible.

endmenu
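A release-gate check for the options defined above, as an added example that is not part of the original file or the project's tooling: it reads a build's merged `.config` text and reports RNG settings the help texts mark as test-only, deprecated, or missing. It assumes symbols appear with the usual `CONFIG_` prefix; the function names, finding wording, the choice to flag an unchanged personalization string, and both sample inputs are constructed for illustration.

```python
import re

# Symbol names come from the Kconfig above; the finding text is this example's own.
RISKY = {
    "CONFIG_TEST_RANDOM_GENERATOR": "random APIs may return non-random values",
    "CONFIG_TIMER_RANDOM_GENERATOR": "system-timer generator is not random",
    "CONFIG_XOROSHIRO_RANDOM_GENERATOR": "deprecated, use XOSHIRO_RANDOM_GENERATOR",
}
DEFAULT_PERSONALIZATION = "zephyr ctr-drbg seed"
SET_LINE = re.compile(r'^(CONFIG_[A-Za-z0-9_]+)=(.*)$')

def parse_dotconfig(text):
    """Map each set symbol to its value; '# CONFIG_X is not set' lines are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = SET_LINE.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2).strip().strip('"')
    return cfg

def audit_rng(text):
    """Return a list of findings for a production build; empty means clean."""
    cfg = parse_dotconfig(text)
    findings = [f"{sym}: {why}" for sym, why in RISKY.items() if cfg.get(sym) == "y"]
    if cfg.get("CONFIG_CSPRING_ENABLED") != "y":
        findings.append("CONFIG_CSPRING_ENABLED: CS RNG functions off (needs ENTROPY_HAS_DRIVER)")
    if (cfg.get("CONFIG_CTR_DRBG_CSPRNG_GENERATOR") == "y"
            and cfg.get("CONFIG_CS_CTR_DRBG_PERSONALIZATION") == DEFAULT_PERSONALIZATION):
        findings.append("CONFIG_CS_CTR_DRBG_PERSONALIZATION: still the shipped default")
    return findings

# Constructed sample inputs, not taken from any real build.
TEST_BUILD = """\
# CONFIG_ENTROPY_HAS_DRIVER is not set
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_TIMER_RANDOM_GENERATOR=y
"""
PROD_BUILD = """\
CONFIG_ENTROPY_HAS_DRIVER=y
CONFIG_XOSHIRO_RANDOM_GENERATOR=y
CONFIG_CSPRING_ENABLED=y
CONFIG_CTR_DRBG_CSPRNG_GENERATOR=y
CONFIG_CS_CTR_DRBG_PERSONALIZATION="example-device drbg v1"
"""

if __name__ == "__main__":
    for name, cfg in (("test", TEST_BUILD), ("prod", PROD_BUILD)):
        print(name, audit_rng(cfg) or "clean")
```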