nrf_security: update entropy config to enable ENTROPY_GENERATOR

Update kconfig to set ENTROPY_GENERATOR directly when psa_rng is set.
nrf_security bypasses part of the zephyr build system by setting
CONFIG_MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG directly.
This causes the upstream entropy tests to fail because
no entropy driver is set automatically on 54l/71 devices.
Normally this is not a problem as PSA_WANT_GENERATE_RANDOM
is set specifically in ncs projects.

Signed-off-by: Dag Erik Gjørvad <[email protected]>

Author: degjorva

subsys/nrf_security/Kconfig

@@ -35,8 +35,9 @@ config NRF_SECURITY
 	depends on SOC_FAMILY_NORDIC_NRF
 	default y if BUILD_WITH_TFM
 	# entropy is provided by PSA and NRF_SECURITY on NRF54LX and NRF71X
-	default y if DT_HAS_ZEPHYR_PSA_CRYPTO_RNG_ENABLED && SOC_SERIES_NRF54LX && !IS_BOOTLOADER_IMG && GEN_ISR_TABLES
-	default y if DT_HAS_ZEPHYR_PSA_CRYPTO_RNG_ENABLED && SOC_SERIES_NRF71X && !IS_BOOTLOADER_IMG && GEN_ISR_TABLES
+	default y if DT_HAS_ZEPHYR_PSA_CRYPTO_RNG_ENABLED && (SOC_SERIES_NRF54LX || SOC_SERIES_NRF71X) && !IS_BOOTLOADER_IMG && GEN_ISR_TABLES
+	# When PSA RNG is present on nRF54Lx/nRF71x, ensure entropy drivers are enabled
+	select ENTROPY_GENERATOR if DT_HAS_ZEPHYR_PSA_CRYPTO_RNG_ENABLED && (SOC_SERIES_NRF54LX || SOC_SERIES_NRF71X) && !IS_BOOTLOADER_IMG && GEN_ISR_TABLES
 	select DISABLE_MBEDTLS_BUILTIN if MBEDTLS
 	# NCS does not use TF-M's BL2 bootloader, but uses it's own fork
 	# of MCUBoot instead (CONFIG_BOOTLOADER_MCUBOOT).