wolfEntropy is a jitter based source of entropy provided by wolfSSL. Evaluating entropy sources is a critical step when building secure systems, especially on embedded platforms where hardware RNG behavior must be validated. This post walks through running wolfEntropy on PetaLinux 2025.1 targeting the ZCU102 Evaluation Kit platform and reviewing the results.
The outcome: the assessed minimum entropy is well above 1 bit per bit of output, indicating a strong entropy source suitable for cryptographic use.
Test Environment
- Platform: ZCU102 Evaluation Kit
- OS: PetaLinux 2025.1
- Tool: wolfEntropy (from the wolfSSL ecosystem)
Building wolfEntropy
For this test, wolfEntropy was configured with a forced failure memory mode to remove fallback to other sources of entropy. Effectively, this means all entropy generation requests are forced to use wolfEntropy only.
./configure --enable-wolfEntropy CPPFLAGS=-DENTROPY_MEMUSE_FFORCE_FAILURE make sudo make install
Then 1,000,000 samples of entropy were collected using the function wc_Entropy_GetRawEntropy() and stored in (entropy-data-8bits-raw.dat). The results were then analyzed using an internal tool and the NIST standard tool SP800-90B_EntropyAssessment:
Results Summary
Shannon Entropy
- Bit Stream Shannon Entropy: 0.999302
- 8-bit Stream Shannon Entropy: 5.848015
Shannon entropy close to 1.0 for the bitstream indicates very high unpredictability per bit.
Most Common Value (MCV)
- Bit Stream MCV Entropy: 0.954539
- 8-bit Stream MCV Entropy: 4.989713
This measures the dominance of the most common value. Results here indicate no significant bias.
Additional Estimators
Several conservative estimators were applied:
- Collision Entropy: 1.000000
- Markov Entropy: 0.721522
- Compression Entropy: 0.348279
- t-Tuple (8-bit): 4.753343
- LRS (8-bit): 5.498328
- Multi MCW (8-bit): 5.024049
- Lag Prediction (8-bit): 5.479641
- Multi MMC (8-bit): 5.014290
- LZ78Y (8-bit): 5.025156
Each estimator targets different statistical weaknesses, such as repetition, predictability, structure, or compressibility.
Minimum and Assessed Entropy (Internal Tool)
The most important section of the output:
Minimum 8-bit Stream Entropy: 4.753343 Minimum Bit Stream Entropy: 0.348279 2.786234 Assessed Minimum Entropy: 2.786234
The Assessed Minimum Entropy = 2.786234.
For a binary source, anything above 1 bit per bit strongly indicates good entropy quality. Here, the assessment is comfortably above that threshold.
The lowest estimator (compression) is conservative by design. Even with that, the overall assessed entropy remains strong.
Minimum and Assessed Entropy (NIST SP800-90B_EntropyAssessment)
~/SP800-90B_EntropyAssessment/cpp$ ./ea_non_iid entropy-data-8bits-raw.dat Running non-IID tests... Running Most Common Value Estimate... Running Entropic Statistic Estimates (bit strings only)... Running Tuple Estimates... Running Predictor Estimates... H_original: 4.753343 H_bitstring: 0.348279 min(H_original, 8 X H_bitstring): 2.786233
The Assessed Minimum Entropy = 2.786233.
What This Means
On PetaLinux 2025.1 running on the ZCU102, the tested entropy source:
- Shows near-ideal Shannon entropy
- Has no obvious dominant bias
- Passes conservative NIST-style entropy estimators
- Produces an assessed minimum entropy significantly above 1
This indicates the hardware entropy source on the platform is suitable for cryptographic seeding, DRBG initialization, and secure key generation workflows.
Why This Matters
Embedded Linux platforms often rely on hardware RNG blocks, but validation is essential—especially for:
- Secure boot chains
- TLS key generation
- Device identity provisioning
- FIPS-related validation efforts
Using wolfEntropy provides quantitative backing for the quality of entropy feeding your cryptographic stack.
If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.
Download wolfSSL Now