diff --git a/wolfcrypt/src/port/psa/psa.c b/wolfcrypt/src/port/psa/psa.c
index 99fe5e0d3..8735b99aa 100644
--- a/wolfcrypt/src/port/psa/psa.c
+++ b/wolfcrypt/src/port/psa/psa.c
@@ -28,4 +28,43 @@
 #if defined(WOLFSSL_HAVE_PSA)
+#include
+
+#include
+
+#include
+#include
+
+
+int wc_psa_init()
+{
+ psa_status_t s;
+
+ s = psa_crypto_init();
+ if (s != PSA_SUCCESS)
+ return WC_HW_E;
+
+ return 0;
+}
+
+#if !defined(WOLFSSL_PSA_NO_RNG)
+/**
+ * wc_psa_get_random() - generate @size random bytes in @out
+ * @out: output buffer
+ * @size: number of random bytes to generate
+ *
+ * return: 0 on success
+ */
+int wc_psa_get_random(unsigned char *out, word32 sz)
+{
+ psa_status_t s;
+
+ s = psa_generate_random((uint8_t*)out, sz);
+ if (s != PSA_SUCCESS)
+ return WC_HW_E;
+
+ return 0;
+}
+#endif
+
 #endif /* WOLFSSL_HAVE_PSA */
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index 724e86a8c..d6083fbdb 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -177,6 +177,10 @@ int wc_RNG_GenerateByte(WC_RNG* rng, byte* b)
 #include
 #endif
+#if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_RNG)
+#include
+#endif
+
 #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED)
 static word32 intel_flags = 0;
 static void wc_InitRng_IntelRD(void)
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 695ea7e2f..bd3a27d0c 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -112,6 +112,11 @@
 #pragma warning(disable: 4996)
 #endif
+#if defined(WOLFSSL_HAVE_PSA)
+ #include
+#endif
+
+
 /* prevent multiple mutex initializations */
 static volatile int initRefCount = 0;
@@ -270,6 +275,11 @@ int wolfCrypt_Init(void)
 }
 #endif
+ #if defined(WOLFSSL_HAVE_PSA)
+ if ((ret = wc_psa_init()) != 0)
+ return ret;
+ #endif
+
 #ifdef HAVE_ECC
 #ifdef FP_ECC
 wc_ecc_fp_init();
diff --git a/wolfssl/wolfcrypt/port/psa/psa.h b/wolfssl/wolfcrypt/port/psa/psa.h
index a74800a1e..d02fade92 100644
--- a/wolfssl/wolfcrypt/port/psa/psa.h
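Review bot: `wc_psa_init()` in psa.c is defined with an empty parameter list while the header added in this same commit declares `int wc_psa_init(void);`; in C the empty list leaves the parameters unspecified, so the definition should read `int wc_psa_init(void)`. The kernel-doc block on `wc_psa_get_random` names `@size` although the parameter is `sz`, and its `return:` line omits the failure value; `@sz: number of random bytes to generate` and `return: 0 on success, WC_HW_E if the PSA call fails` would match the code. Because this function supplies the seed or block output for the RNG, an early `if (out == NULL) return BAD_FUNC_ARG;` would make the contract explicit instead of leaving a NULL buffer to the PSA implementation.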
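Review bot: The include added to random.c (its target is not legible on this page, presumably the PSA port header that defines `CUSTOM_RAND_GENERATE_BLOCK` / `CUSTOM_RAND_GENERATE_SEED`) lands around line 180, after code such as `wc_RNG_GenerateByte` that the hunk header shows earlier in the file. Any preprocessor test on those macros evaluated before this point, in this file or in a header included above it, would not see the PSA hook; whether such a test exists cannot be told from the hunk. A comment on the include, e.g. `/* defines CUSTOM_RAND_GENERATE_SEED/BLOCK; must precede their first use below */`, would record the ordering requirement for whoever moves includes later.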
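Review bot: The new `return ret;` in the second wc_port.c hunk leaves `wolfCrypt_Init` early on PSA failure with no log line, and whether earlier initialisation steps are unwound or `initRefCount` stays consistent depends on code outside the hunk (the function starts and ends beyond it). Failing closed is reasonable here because `wc_psa_get_random()` becomes the RNG seed/block source, but the reason deserves a comment: `/* PSA must be initialised before the first RNG use; wc_psa_get_random() backs CUSTOM_RAND_GENERATE_SEED/BLOCK */`. A `WOLFSSL_MSG("PSA init failed");` ahead of the return would make the resulting WC_HW_E traceable.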
+++ b/wolfssl/wolfcrypt/port/psa/psa.h
@@ -18,6 +18,19 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
+
+/**
+ * Platform Security Architecture (PSA) header
+ *
+ * If WOLFSSL_HAVE_PSA is defined, wolfSSL can use the cryptographic primitives
+ * exported by a PSA Crypto API.
+ *
+ * Defines:
+ *
+ * WOLFSSL_HAVE_PSA: Global switch to enable PSA
+ * WOLFSSL_PSA_NO_RNG: disable PSA random generator support
+ */
+
 #ifndef WOLFSSL_PSA_H
 #define WOLFSSL_PSA_H
@@ -29,5 +42,22 @@
 #if defined(WOLFSSL_HAVE_PSA)
+#include
+#include
+
+
+int wc_psa_init(void);
+
+#if !defined(WOLFSSL_PSA_NO_RNG)
+
+WOLFSSL_API int wc_psa_get_random(unsigned char *out, word32 sz);
+#ifndef HAVE_HASHDRBG
+#define CUSTOM_RAND_GENERATE_BLOCK wc_psa_get_random
+#else
+#define CUSTOM_RAND_GENERATE_SEED wc_psa_get_random
+#endif
+
+#endif
+
 #endif
 #endif /* WOLFSSL_PSA_H */
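Review bot: `CUSTOM_RAND_GENERATE_BLOCK` and `CUSTOM_RAND_GENERATE_SEED` are defined unconditionally in the second psa.h hunk, so a build whose settings already define either one gets a macro redefinition and it is no longer obvious which entropy source is in use. A guard ahead of the defines, `#if defined(CUSTOM_RAND_GENERATE_SEED) || defined(CUSTOM_RAND_GENERATE_BLOCK)` / `#error "PSA RNG conflicts with a custom RNG hook; define WOLFSSL_PSA_NO_RNG"` / `#endif`, would turn that into a clear build failure. The choice between the two macros also depends on `HAVE_HASHDRBG` already being settled when this header is read, which the two added includes (not legible on this page) would have to guarantee. `wc_psa_init` is declared without a visibility macro while `wc_psa_get_random` carries `WOLFSSL_API`; marking it explicitly would be consistent.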