 Hello and welcome to this presentation of the STM32 Random Number Generator. The features of this peripheral, which is widely used to provide random numbers, will be covered in this presentation. The Random Number Generator, or RNG, integrated inside STM32 products provides random numbers which are used when producing an unpredictable result is desirable. Applications can benefit from the RNG to increase the randomness of numbers or to decrease the possibility of guessing certain values. RNG1 is a secure peripheral under ETCPC control through ETCPC DECPROT 0 bit 7. RNG2 is a non-secure peripheral. The RNG1 instance can be allocated to the ARM Cortex-A7 secure core to be controlled in OPTI by the RNG OPTI driver or the ARM Cortex-A7 non-secure core for using in Linux by the Linux hardware random framework. The RNG2 instance can be allocated to the ARM Cortex-M4 core to be controlled in the STM32 CUBE MPU package by the STM32 CUBE RNG driver. The RNG peripheral is based on continuous analog noise that provides a random 32-bit value which will be explained in detail later on. The RNG is able to generate 4 32-bit random numbers at a minimum frequency of 213 system clock cycles. Rule of thumb is the lower the RNG clock, the better the entropy for the sampled random source. The data ready flag is set in the status register when a set of new random data is ready and validated. It must always be used. The RNG performs a basic verification of randomness on the provided data. For example, if more than 64 consecutive bits have the same value, 0 or 1, or there are more than 32 consecutive alternating 0s and 1s, a seed error current status flag is set. A clock error current status flag is set if the RNG clock is less than HCLK clock divided by 32. This check can be disabled, especially when the RNG clock is initialized low for maximum entropy. An interrupt source can also be enabled to indicate an abnormal seed sequence or frequency error. This simplified block diagram of the RNG shows its basic functional and control modules. The random number generator is based on an analog circuit made of several ring oscillators whose outputs are sampled, then XOR'd, to generate the seeds that feed a digital post-processing block that is able to produce 4 32-bit random numbers per round of computation. The sampling of analog seeds is clocked by a dedicated RNG clock signal so that the quality of the random number is independent of the HCLK frequency. The contents of the post-processing block are transferred into the data register through a four-word FIFO. The data ready flag, or DRDY, is triggered as soon as the FIFO is full and is automatically reset when no more data can be read back from the RNG. In parallel, an error management block verifies the correct seed behavior and the frequency of the RNG source clock. Status bits are set and an interrupt is triggered if an abnormal sequence is detected in the seed or if the RNG frequency is too low. The RNG frequency error check must be disabled if the RNG clock is fixed below HBCLK32, for example, for quality reasons. The true random number generator is only active in run mode. It can be kept enabled in sleep mode to avoid the latency at initialization time. It is disabled for the other low power modes and is completely powered down in standby or shutdown modes. The RNG can be used for a wide range of applications including cryptography, games, and statistical sampling. For example, all the security of cryptography algorithms are connected to the impossibility of guessing the key. So the key has to be a random number. Otherwise, the attacker can guess it. This is a list of peripherals related to the random number generator. Please refer to the RCC, RNG clock control, RNG enable reset for more information if needed. And please refer to CRIP or hash training if you want to know more about cryptographic engines. For more details, please refer to application note AN4230 about using the NIST statistical test suite to validate the random numbers generated by a selection of STM32 MCUs.