Chapter 2. API Reference
• RF subsystem is enabled (i.e. Wi-Fi is enabled).
• An internal entropy source has been enabled by calling bootloader_random_enable() and not yet
disabled by calling bootloader_random_disable().
• While the ESP-IDF Second stage bootloader is running. This is because the default ESP-IDF bootloader
implementation calls bootloader_random_enable() when the bootloader starts, and
bootloader_random_disable() before executing the app.
When any of these conditions are true, samples of physical noise are continuously mixed into the internal hardware
RNG state to provide entropy. Consult the ESP32-S2 Technical Reference Manual > Random Number Generator
(RNG) [PDF] chapter for more details.
If none of the above conditions are true, the output of the RNG should be considered pseudo-random only.
Startup
During startup, the ESP-IDF bootloader temporarily enables a non-RF entropy source (internal reference voltage noise)
that provides entropy for any first boot key generation. However, once the app starts executing, normally only
pseudo-random numbers are available until Wi-Fi is initialized.
To re-enable the entropy source temporarily during app startup, or for an application that does not use Wi-Fi, call
the function bootloader_random_enable() to re-enable the internal entropy source. The function
bootloader_random_disable() must be called to disable the entropy source again before using ADC or Wi-Fi.
Note: The entropy source enabled during the boot process by the ESP-IDF Second Stage Bootloader will seed the
internal RNG state with some entropy. However, the internal hardware RNG state is not large enough to provide a
continuous stream of true random numbers. This is why a continuous entropy source must be enabled whenever true
random numbers are required.
Note: If an application requires a source of true random numbers but it is not possible to permanently enable a
hardware entropy source, consider using a strong software DRBG implementation such as the mbedTLS CTR-DRBG
or HMAC-DRBG, with an initial seed of entropy from hardware RNG true random numbers.
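The following added example (not part of the ESP-IDF documentation or code base) combines the Startup procedure and the DRBG note above: an mbedTLS CTR-DRBG entropy callback that reads esp_random() only while an entropy source is active, and fails rather than returning pseudo-random seed material. The entropy_state_t flags, hw_entropy_cb(), app_drbg_init() and the label string are hypothetical names; the non-ESP_PLATFORM branch holds constructed host stand-ins so the control flow can be checked off-target.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#ifdef ESP_PLATFORM
#include "bootloader_random.h"   /* bootloader_random_enable() / _disable() */
#include "esp_random.h"          /* esp_random() */
#include "mbedtls/ctr_drbg.h"
#else
/* Host stand-ins (constructed, not random): they only record whether each
 * read happened while the internal entropy source was switched on. */
static int src_on, reads_src_on, reads_src_off;
static void bootloader_random_enable(void)  { src_on = 1; }
static void bootloader_random_disable(void) { src_on = 0; }
static uint32_t esp_random(void) { if (src_on) reads_src_on++; else reads_src_off++; return 0xA5A5A5A5u; }
#endif

/* Hypothetical application state, kept up to date by the app itself. */
typedef struct { int wifi_on; int adc_busy; } entropy_state_t;

/* Entropy callback in the shape mbedtls_ctr_drbg_seed() expects.
 * Returns 0 on success, non-zero if no true entropy source can be active. */
static int hw_entropy_cb(void *ctx, unsigned char *out, size_t len)
{
    const entropy_state_t *st = ctx;
    int use_internal = !st->wifi_on;      /* with Wi-Fi on, RF noise feeds the RNG */
    if (use_internal && st->adc_busy)
        return -1;                        /* cannot enable the source: refuse to seed */
    if (use_internal)
        bootloader_random_enable();
    while (len > 0) {
        uint32_t word = esp_random();
        size_t n = len < sizeof word ? len : sizeof word;
        memcpy(out, &word, n);
        out += n; len -= n;
    }
    if (use_internal)
        bootloader_random_disable();      /* must happen before ADC or Wi-Fi is used */
    return 0;
}

#ifdef ESP_PLATFORM
/* Seed once at startup; then draw bytes with mbedtls_ctr_drbg_random(). */
int app_drbg_init(mbedtls_ctr_drbg_context *drbg, entropy_state_t *st)
{
    static const unsigned char label[] = "app-drbg";   /* hypothetical label */
    mbedtls_ctr_drbg_init(drbg);
    return mbedtls_ctr_drbg_seed(drbg, hw_entropy_cb, st, label, sizeof label - 1);
}
#endif
```

Because CTR-DRBG calls the same callback again on every reseed, the state flags must reflect the situation at that moment, not only at startup; a non-zero return makes the seed or reseed call fail instead of continuing with pseudo-random input.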
Secondary Entropy
The ESP32-S2 RNG contains a secondary entropy source, based on sampling an asynchronous 8 MHz internal oscillator
(see the Technical Reference Manual for details). This entropy source is always enabled in ESP-IDF and continuously
mixed into the RNG state by hardware. In testing, this secondary entropy source was sufficient to pass the Dieharder
random number test suite without the main entropy source enabled (test input was created by concatenating short
samples from a continuously resetting ESP32-S2). However, it is currently only guaranteed that true random numbers
will be produced when the main entropy source is also enabled as described above.
API Reference
Header File
• components/esp_hw_support/include/esp_random.h
Functions
uint32_t esp_random(void)
Get one random 32-bit word from hardware RNG.
If Wi-Fi or Bluetooth are enabled, this function returns true random numbers. In other situations, if true
random numbers are required then consult the ESP-IDF Programming Guide "Random Number Generation"
section for necessary prerequisites.
Espressif Systems 1036
Release v4.4