From 14ccb9984c8a7922b62048e4f761ba68f676d587 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@arm.com>
Date: Wed, 12 Nov 2025 18:02:27 +0100
Subject: [PATCH 1/2] references: add reference to arm trng specification
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a reference to the Arm True Random Number Generator Firmware Interface
version 1.0, to prepare adding requirements around TRNG.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
---
 source/references.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/source/references.rst b/source/references.rst
index 63fe763..d4058a4 100644
--- a/source/references.rst
+++ b/source/references.rst
@@ -73,3 +73,7 @@ Bibliography
 .. [TCG2] `TCG EFI Protocol Specification, Family “2.0”, Level 00 Revision 00.13
    <https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf>`_,
    March 2016, `Trusted Computing Group <https://trustedcomputinggroup.org/>`_
+
+.. [TRNG] `Arm True Random Number Generator Firmware Interface version 1.0
+   <https://developer.arm.com/documentation/den0098/1-0>`_,
+   January 2022, `Arm Limited <https://www.arm.com/>`_

From c9319b10c66af27af12004cfa9c57d7c114c9fb1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@arm.com>
Date: Wed, 12 Nov 2025 18:15:48 +0100
Subject: [PATCH 2/2] chapter3: recommend trng
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On AArch64 systems with an entropy source, recommend the TRNG interface
1.0.

Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
---
 source/chapter3-secureworld.rst | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/source/chapter3-secureworld.rst b/source/chapter3-secureworld.rst
index 38ec9a1..38b2565 100644
--- a/source/chapter3-secureworld.rst
+++ b/source/chapter3-secureworld.rst
@@ -128,6 +128,17 @@ implementation requirements take precedence. [#SCMINote]_
    which eases agents and platforms interoperability, and this is therefore the
    recommended implementation.
 
+AArch64 Random Number Generator
+-------------------------------
+
+On AArch64 platforms, if the platform has a hardware entropy source it is
+recommended that privileged or secure firmware implements the True Random Number
+Generator Firmware Interface version 1.0, as defined in [TRNG]_. [#TRNGNote]_
+
+.. [#TRNGNote] The firmware TRNG is complementary to the `EFI_RNG_PROTOCOL` as
+   it can be used at runtime.
+   The TRNG interface requires SMCCC version 1.1 or later.
+
 RISC-V Multiprocessor Startup Protocol
 ======================================