sdh: simplifications and improvements

doc/nrf-bm/release_notes/release_notes_changelog.rst

@@ -27,6 +27,10 @@ No changes since the latest nRF Connect SDK Bare Metal release.
 SoftDevice Handler
 ==================
 
+* Added:
+
+  * The :option:`NRF_SDH_SOC_RAND_SEED` Kconfig option to control whether to automatically respond to SoftDevice random seed requests.
+
 * Removed:
 
   * The ``NRF_SDH_BLE`` Kconfig option.

subsys/softdevice_handler/CMakeLists.txt

@@ -12,6 +12,8 @@ zephyr_library_sources(
   irq_connect.c
 )
 
+zephyr_library_sources_ifdef(CONFIG_NRF_SDH_SOC_RAND_SEED rand_seed.c)
+
 if(CONFIG_SOFTDEVICE_S115)
   zephyr_library_sources(irq_forward.s)
   # Suppress the swap_helper.S file so that z_arm_svc can be defined manually

subsys/softdevice_handler/Kconfig

@@ -6,9 +6,6 @@
 menuconfig NRF_SDH
 	bool "Softdevice handler"
 	depends on SOFTDEVICE
-	depends on NRF_SECURITY
-	depends on MBEDTLS_PSA_CRYPTO_C
-	depends on PSA_WANT_GENERATE_RANDOM
 
 if NRF_SDH
 
@@ -105,6 +102,15 @@ config NRF_SDH_BLE_VS_UUID_COUNT
 config NRF_SDH_BLE_SERVICE_CHANGED
 	bool "Include the Service Changed characteristic in the Attribute Table"
 
+config NRF_SDH_SOC_RAND_SEED
+	bool "Automatically respond to SoftDevice random seeds requests"
+	depends on NRF_SECURITY
+	depends on MBEDTLS_PSA_CRYPTO_C
+	default y
+	help
+	  Automatically seed SoftDevice upon NRF_EVT_RAND_SEED_REQUEST events,
+	  using CRACEN to generate the random seed.
+
 config NRF_SDH_STR_TABLES
 	bool "Build string tables for SoftDevice handler events"
 	default y

subsys/softdevice_handler/nrf_sdh_soc.c

@@ -6,11 +6,9 @@
 
 #include <stddef.h>
 #include <stdint.h>
+#include <nrf_soc.h>
 #include <nrf_sdh.h>
 #include <nrf_sdh_soc.h>
-#include <nrf_soc.h>
-#include <psa/crypto.h>
-#include <cracen_psa.h>
 #include <zephyr/logging/log.h>
 
 LOG_MODULE_DECLARE(nrf_sdh, CONFIG_NRF_SDH_LOG_LEVEL);
@@ -43,27 +41,6 @@ static const char *tostr(uint32_t evt)
 	}
 }
 
-static void softdevice_rng_seed(void)
-{
-	uint32_t err = NRF_ERROR_INVALID_DATA;
-	psa_status_t status;
-	uint8_t seed[SD_RAND_SEED_SIZE];
-
-	status = cracen_get_trng(seed, sizeof(seed));
-	if (status == PSA_SUCCESS) {
-		err = sd_rand_seed_set(seed);
-		memset(seed, 0, sizeof(seed));
-		if (err == NRF_SUCCESS) {
-			LOG_DBG("SoftDevice RNG seeded");
-			return;
-		}
-	} else {
-		LOG_ERR("Generate random failed, psa status %d", status);
-	}
-
-	LOG_ERR("Failed to seed SoftDevice RNG, nrf_error %#x", err);
-}
-
 static void soc_evt_poll(void *context)
 {
 	uint32_t err;
@@ -81,10 +58,6 @@ static void soc_evt_poll(void *context)
 			LOG_DBG("SoC event: 0x%x", evt_id);
 		}
 
-		if (evt_id == NRF_EVT_RAND_SEED_REQUEST) {
-			softdevice_rng_seed();
-		}
-
 		/* Forward the event to SoC observers. */
 		TYPE_SECTION_FOREACH(
 			struct nrf_sdh_soc_evt_observer, nrf_sdh_soc_evt_observers, obs) {

subsys/softdevice_handler/rand_seed.c

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <nrf_soc.h>
+#include <nrf_sdh_soc.h>
+#include <psa/crypto.h>
+#include <cracen_psa.h>
+#include <zephyr/logging/log.h>
+
+LOG_MODULE_DECLARE(nrf_sdh, CONFIG_NRF_SDH_LOG_LEVEL);
+
+static void on_rand_seed_evt(uint32_t evt, void *ctx)
+{
+	uint32_t nrf_err;
+	psa_status_t status;
+	uint8_t seed[SD_RAND_SEED_SIZE];
+
+	if (evt != NRF_EVT_RAND_SEED_REQUEST) {
+		/* Not our business */
+		return;
+	}
+
+	status = cracen_get_trng(seed, sizeof(seed));
+	if (status != PSA_SUCCESS) {
+		LOG_ERR("Failed to generate true random number, psa_status %d", status);
+		return;
+	}
+
+	nrf_err = sd_rand_seed_set(seed);
+
+	/* Discard seed immediately */
+	memset(seed, 0, sizeof(seed));
+
+	if (nrf_err != NRF_SUCCESS) {
+		LOG_ERR("Failed to seed SoftDevice RNG, nrf_error %#x", nrf_err);
+		return;
+	}
+
+	LOG_DBG("SoftDevice RNG seeded");
+}
+
+NRF_SDH_SOC_OBSERVER(rand_seed, on_rand_seed_evt, NULL, 0);