fix(security): Clarify TRNG engine ownership by OPTEE

The SDK by default provides control of TRNG engine to OP-TEE, which
also firewalls the associated MMR regions.
Document this design choice for clarity.

Signed-off-by: Shiva Tripathi <s-tripathi1@ti.com>

Author: shiva-ti

source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

@@ -216,9 +216,11 @@ software only implementation can be compared to the previous test.
 Using the True Random Number Generator (TRNG) Hardware Accelerator
 ******************************************************************
 
-The pre-built kernel included within the SDK already has the OP-TEE TRNG
-driver enabled. You do not need any further configuration.
+In the default SDK, OP-TEE controls the TRNG engine and firewalls its
+hardware registers, blocking outside access. To use TRNG from Linux instead,
+disable the OP-TEE driver and enable the RNG node in the Linux device tree.
 
+To use the TRNG driver from OP‑TEE, no further configuration is required.
 Verify that the optee-rng driver is loaded:
 
 .. code-block:: console

source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/SA2UL_OMAP.rst

@@ -304,8 +304,11 @@ software only implementation can be compared to the previous test.
 Using the TRNG Hardware Accelerator
 ***********************************
 
-The pre built kernel that come with the SDK already has the TRNG driver
-built into the kernel. No further configuration is required.
+In the default SDK, OP-TEE controls the TRNG engine and firewalls its
+hardware registers, blocking outside access. To use TRNG from Linux instead,
+disable the OP-TEE driver and enable the RNG node in the Linux device tree.
+
+To use TRNG driver from OP-TEE, no further configuration is required.
 
 .. ifconfig:: CONFIG_crypto in ('sa2ul')