diff --git a/include/interface/hwcrypto/hwcrypto.h b/include/interface/hwcrypto/hwcrypto.h
index 0a62ea2..270c579 100644
--- a/include/interface/hwcrypto/hwcrypto.h
+++ b/include/interface/hwcrypto/hwcrypto.h
@@ -38,6 +38,7 @@ enum hwcrypto_command {
 
     HWCRYPTO_HASH            = (1 << HWCRYPTO_REQ_SHIFT),
     HWCRYPTO_ENCAP_BLOB      = (2 << HWCRYPTO_REQ_SHIFT),
+    HWCRYPTO_GEN_RNG         = (3 << HWCRYPTO_REQ_SHIFT),
 };
 
 /**
@@ -96,4 +97,12 @@ typedef struct hwcrypto_blob_msg {
     uint32_t blob_pa;
 }hwcrypto_blob_msg;
 
+/**
+ * @buf:  physical start address of the output rng buf.
+ * @len:  size of required rng.
+ */
+typedef struct hwcrypto_rng_msg {
+    uint32_t buf;
+    uint32_t len;
+}hwcrypto_rng_msg;
 #endif /* TRUSTY_INTERFACE_HWCRYPTO_H_ */
diff --git a/include/trusty/hwcrypto.h b/include/trusty/hwcrypto.h
index 22f0835..9a510a8 100644
--- a/include/trusty/hwcrypto.h
+++ b/include/trusty/hwcrypto.h
@@ -66,4 +66,12 @@ int hwcrypto_hash(uint32_t in_addr, uint32_t in_len, uint32_t out_addr,
  */
 int hwcrypto_gen_blob(uint32_t plain_pa,
                       uint32_t plain_size, uint32_t blob_pa);
+
+/* Send request to secure side to generate rng with caam.
+ * Returns one of trusty_err.
+ *
+ * @buf: physical start address of the output rng buf.
+ * @len: size of required rng.
+ * */
+int hwcrypto_gen_rng(uint32_t buf, uint32_t len);
 #endif /* TRUSTY_HWCRYPTO_H_ */
diff --git a/lib/trusty/ql-tipc/hwcrypto.c b/lib/trusty/ql-tipc/hwcrypto.c
index 02b7b19..ccaf18b 100644
--- a/lib/trusty/ql-tipc/hwcrypto.c
+++ b/lib/trusty/ql-tipc/hwcrypto.c
@@ -218,3 +218,25 @@ int hwcrypto_gen_blob(uint32_t plain_pa,
                               sizeof(req), NULL, 0, false);
     return rc;
 }
+
+int hwcrypto_gen_rng(uint32_t buf, uint32_t len)
+{
+    hwcrypto_rng_msg req;
+    unsigned long start, end;
+
+    /* check the address */
+    if (buf == 0)
+        return TRUSTY_ERR_INVALID_ARGS;
+    /* fill the request buffer */
+    req.buf = buf;
+    req.len = len;
+
+    /* invalidate dcache for output buffer */
+    start = (unsigned long)buf & ~(ARCH_DMA_MINALIGN - 1);
+    end   = ALIGN((unsigned long)buf + len, ARCH_DMA_MINALIGN);
+    invalidate_dcache_range(start, end);
+
+    int rc = hwcrypto_do_tipc(HWCRYPTO_GEN_RNG, (void*)&req,
+                              sizeof(req), NULL, 0, false);
+    return rc;
+}