wolfEntropy is a jitter based source of entropy provided by wolfSSL. Evaluating entropy sources is a critical step when building secure systems, especially on embedded platforms where hardware RNG behavior must be validated. This post walks through running wolfEntropy on PetaLinux 2025.1 targeting the ZCU102 Evaluation Kit platform and reviewing the results.

The outcome: the assessed minimum entropy is well above 1 bit per bit of output, indicating a strong entropy source suitable for cryptographic use.

Getting started with wolfSSL? Download the latest libraries and start exploring.

Test Environment

Platform: ZCU102 Evaluation Kit OS: PetaLinux 2025.1 Tool: wolfEntropy (from the wolfSSL ecosystem)

Building wolfEntropy

For this test, wolfEntropy was configured with a forced failure memory mode to remove fallback to other sources of entropy. Effectively, this means all entropy generation requests are forced to use wolfEntropy only.

./configure --enable-wolfEntropy CPPFLAGS=-DENTROPY_MEMUSE_FFORCE_FAILURE
make
sudo make install

Then 1,000,000 samples of entropy were collected using the function wc_Entropy_GetRawEntropy() and stored in (entropy-data-8bits-raw.dat). The results were then analyzed using an internal tool and the NIST standard tool SP800-90B_EntropyAssessment:

Results Summary

Shannon Entropy

Bit Stream Shannon Entropy: 0.999302 8-bit Stream Shannon Entropy: 5.848015

Shannon entropy close to 1.0 for the bitstream indicates very high unpredictability per bit.

  Most Common Value (MCV)

Bit Stream MCV Entropy: 0.954539 8-bit Stream MCV Entropy: 4.989713

This measures the dominance of the most common value. Results here indicate no significant bias.

  Additional Estimators Several conservative estimators were applied:

Collision Entropy: 1.000000 Markov Entropy: 0.721522 Compression Entropy: 0.348279 t-Tuple (8-bit): 4.753343 LRS (8-bit): 5.498328 Multi MCW (8-bit): 5.024049 Lag Prediction (8-bit): 5.479641 Multi MMC (8-bit): 5.014290 LZ78Y (8-bit): 5.025156

Each estimator targets different statistical weaknesses, such as repetition, predictability, structure, or compressibility.

Minimum and Assessed Entropy (Internal Tool)

The most important section of the output:

Minimum 8-bit Stream Entropy:          4.753343
Minimum Bit Stream Entropy: 0.348279 2.786234
Assessed Minimum Entropy:          2.786234

The Assessed Minimum Entropy = 2.786234.

For a binary source, anything above 1 bit per bit strongly indicates good entropy quality. Here, the assessment is comfortably above that threshold.

The lowest estimator (compression) is conservative by design. Even with that, the overall assessed entropy remains strong.

Minimum and Assessed Entropy (NIST SP800-90B_EntropyAssessment)

~/SP800-90B_EntropyAssessment/cpp$ ./ea_non_iid entropy-data-8bits-raw.dat 
Running non-IID tests...
Running Most Common Value Estimate...
Running Entropic Statistic Estimates (bit strings only)...
Running Tuple Estimates...
Running Predictor Estimates...
H_original: 4.753343
H_bitstring: 0.348279
min(H_original, 8 X H_bitstring): 2.786233

The Assessed Minimum Entropy = 2.786233.

What This Means

On PetaLinux 2025.1 running on the ZCU102, the tested entropy source:

Shows near-ideal Shannon entropy Has no obvious dominant bias Passes conservative NIST-style entropy estimators Produces an assessed minimum entropy significantly above 1

This indicates the hardware entropy source on the platform is suitable for cryptographic seeding, DRBG initialization, and secure key generation workflows.

Why This Matters

Embedded Linux platforms often rely on hardware RNG blocks, but validation is essential—especially for:

Secure boot chains TLS key generation Device identity provisioning FIPS-related validation efforts

Using wolfEntropy provides quantitative backing for the quality of entropy feeding your cryptographic stack.

  If you have questions about any of the above, please contact us at facts@wolfssl.com or +1 425 245 8247.

Download wolfSSL Now