nrf_security: Don't always enable entropy generator

The ENTROPY_GENERATOR configuration is to be selected by users of the
zephyr entropy interface.
nrf_security provides entropy through the PSA interface, not the
zephyr entropy interface.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>

Kconfig.nrf

@@ -82,11 +82,6 @@ config MCUMGR_TRANSPORT_NETBUF_SIZE
 config BT_BUF_CMD_TX_COUNT
 	default 10 if SOC_NRF5340_CPUAPP || SOC_NRF5340_CPUNET
 
-# Set ENTROPY_GENERATOR to true for TF-M builds with enabled
-# RNG provided from secure services.
-config ENTROPY_GENERATOR
-	default y if BUILD_WITH_TFM
-
 config INIT_ARCH_HW_AT_BOOT
 	default y
 	help

subsys/nrf_security/Kconfig

@@ -35,7 +35,6 @@ config NRF_SECURITY
 	prompt "Enable nRF Security" if !PSA_PROMPTLESS
 	depends on SOC_FAMILY_NRF
 	default y if BUILD_WITH_TFM
-	select ENTROPY_GENERATOR
 	select DISABLE_MBEDTLS_BUILTIN if MBEDTLS
 	help
 	  Set this configuration to enable nRF Security. This provides
@@ -100,6 +99,7 @@ config MBEDTLS_ENTROPY_POLL
 	default y
 	depends on !NRF_CC3XX_PLATFORM
 	depends on !BUILD_WITH_TFM
+	select ENTROPY_GENERATOR
 
 # Include TLS/DTLS and x509 configurations
 rsource "Kconfig.tls"

subsys/nrf_security/src/drivers/zephyr/Kconfig

@@ -7,6 +7,8 @@
 config PSA_NEED_NRF_RNG_ENTROPY_DRIVER
 	bool
 	default y
+	# Cannot select entropy-generator without creating a loop to ENTROPY_PSA_CRYPTO_RNG
+	depends on ENTROPY_GENERATOR
 	select PSA_ACCEL_GET_ENTROPY
 	depends on HAS_HW_NRF_RNG
 	depends on (!PSA_USE_CC3XX_CTR_DRBG_DRIVER && !PSA_USE_CC3XX_HMAC_DRBG_DRIVER) && \