fix(security): Clarify TRNG engine ownership by OPTEE

The SDK by default provides control of TRNG engine to OP-TEE, which
also firewalls the associated MMR regions.
Document this design choice for clarity.

Signed-off-by: Shiva Tripathi <s-tripathi1@ti.com>

Author: shiva-ti

source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

@@ -216,10 +216,12 @@ software only implementation can be compared to the previous test.
 Using the True Random Number Generator (TRNG) Hardware Accelerator
 ******************************************************************
 
-The pre-built kernel included within the SDK already has the OP-TEE TRNG
-driver enabled. You do not need any further configuration.
+In the default SDK, OP-TEE controls the TRNG engine and firewalls its
+hardware registers, blocking outside access. To use TRNG from Linux instead,
+disable the OP-TEE driver and enable the RNG node in the Linux device tree.
 
-Verify that the optee-rng driver is loaded:
+Using TRNG from OP-TEE requires no further configuration. Verify that the 
+optee-rng driver is loaded:
 
 .. code-block:: console
 

source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/SA2UL_OMAP.rst

@@ -304,8 +304,12 @@ software only implementation can be compared to the previous test.
 Using the TRNG Hardware Accelerator
 ***********************************
 
-The pre built kernel that come with the SDK already has the TRNG driver
-built into the kernel. No further configuration is required.
+In the default SDK, OP-TEE controls the TRNG engine and firewalls its
+hardware registers, blocking outside access. To use TRNG from Linux instead,
+disable the OP-TEE driver and enable the RNG node in the Linux device tree.
+
+Using TRNG from OP-TEE requires no further configuration. Verify that the 
+optee-rng driver is loaded:
 
 .. ifconfig:: CONFIG_crypto in ('sa2ul')