Key points shown in the diagram
1. The **factory HSM** creates a 256‑bit Device‑Unique‑Key (DUK) and derives the OTP‑stored factory seed (FSEED) via SHA‑256(DUK‖0x00).
2. The **Thermal‑Noise Generator** synthesises *composite analog waveforms* (multiple sine tones, jitter, deterministic phase steps) that model the Johnson‑Nyquist resistor noise used by Ledger’s TRNG.
3. The **ADC** samples these waveforms at the hardware rate (48 kS/s), quantises to 12 bits, and the **`getAdcReading()`** wrapper skips a deterministic number of samples to obtain the logical read‑out rate (≈ 2 kHz). Each call yields one 12‑bit word (0 … 4095).
4. **Block Builder** groups 128 consecutive 12‑bit words (4096 bits) into an ADC block.
5. The **Entropy Pool** is a SHA‑256‑based stateful DRBG: the first state is SHA‑256(FSEED ∥ first‑ADC‑block); each subsequent block updates the state with SHA‑256(state ∥ next‑ADC‑block).
6. The **DRBG extraction** step produces random bytes for the **Ledger firmware**, which uses them for signatures, nonces, key generation, etc.
7. The whole flow is **fully deterministic** (the same seed and the same ADC settings always produce the same sequence), which is essential for reproducible testing and analysis.