Good entropy is essential for any CPRNG (Crypto Pseudo Random Number Generator) as random generators are used to computed the RSA keypairs in UA certificates as well as the Nonces for deriving the symmetric keys or any other crypto keys.

Especially embedded systems have problems to gather enough information to extract entropy. Whereas PCs can use several individual pieces of information (hardware ids like CPU, Mac, addresses, USB devices, screen resolution, installed software, ...) embedded devices are built completely identically. Often only the time and maybe a MAC address is left for entropy.

It is very important to understand the encryption is useless if the keys are predictable.

This makes the embedded devices very vulnerable. A common mistake is to generate cryptographic keys during the first boot. So also time information is predictable (creation time is stored e.g. in a certificate).

Different solutions are possible:

• Add specific entropy generator hardware when designing embedded devices.
  (See http://www.ibbergmann.org/ for one example)
• don't generate certificate on embedded devices (use something like GDS).
  Still the problem for symmetric keys remain, but these are normally not created directly during the boot phase.
• Wait long enough until enough entropy information is available.
  On Linux this can be checked by reading /proc/sys/kernel/random/entropy_avail
• For embedded systems without any good information source it may help to store the CPRNG state, so that it will not produces the same random numbers after every boot.