diff --git a/source/chapter3-secureworld.rst b/source/chapter3-secureworld.rst
index 38ec9a1..38b2565 100644
--- a/source/chapter3-secureworld.rst
+++ b/source/chapter3-secureworld.rst
@@ -128,6 +128,17 @@ implementation requirements take precedence. [#SCMINote]_
    which eases agents and platforms interoperability, and this is therefore the
    recommended implementation.
 
+AArch64 Random Number Generator
+-------------------------------
+
+On AArch64 platforms, if the platform has a hardware entropy source it is
+recommended that privileged or secure firmware implements the True Random Number
+Generator Firmware Interface version 1.0, as defined in [TRNG]_. [#TRNGNote]_
+
+.. [#TRNGNote] The firmware TRNG is complementary to the `EFI_RNG_PROTOCOL` as
+   it can be used at runtime.
+   The TRNG interface requires SMCCC version 1.1 or later.
+
 RISC-V Multiprocessor Startup Protocol
 ======================================
 
diff --git a/source/references.rst b/source/references.rst
index 63fe763..d4058a4 100644
--- a/source/references.rst
+++ b/source/references.rst
@@ -73,3 +73,7 @@ Bibliography
 .. [TCG2] `TCG EFI Protocol Specification, Family “2.0”, Level 00 Revision 00.13
    <https://trustedcomputinggroup.org/wp-content/uploads/EFI-Protocol-Specification-rev13-160330final.pdf>`_,
    March 2016, `Trusted Computing Group <https://trustedcomputinggroup.org/>`_
+
+.. [TRNG] `Arm True Random Number Generator Firmware Interface version 1.0
+   <https://developer.arm.com/documentation/den0098/1-0>`_,
+   January 2022, `Arm Limited <https://www.arm.com/>`_