diff --git a/biometrics/fingerprint/aidl/default/include/FakeFingerprintEngine.h b/biometrics/fingerprint/aidl/default/include/FakeFingerprintEngine.h
index 6667f7a7f0..b92777068c 100644
--- a/biometrics/fingerprint/aidl/default/include/FakeFingerprintEngine.h
+++ b/biometrics/fingerprint/aidl/default/include/FakeFingerprintEngine.h
@@ -17,14 +17,19 @@
 #pragma once
 
 #include <android-base/logging.h>
+#include <random>
 
 namespace aidl::android::hardware::biometrics::fingerprint {
 
 class FakeFingerprintEngine {
   public:
+    FakeFingerprintEngine() : mRandom(std::mt19937::default_seed) {}
+
     void generateChallengeImpl(ISessionCallback* cb) {
         LOG(INFO) << "generateChallengeImpl";
-        cb->onChallengeGenerated(0 /* challenge */);
+        std::uniform_int_distribution<int64_t> dist;
+        auto challenge = dist(mRandom);
+        cb->onChallengeGenerated(challenge);
     }
 
     void revokeChallengeImpl(ISessionCallback* cb, int64_t challenge) {
@@ -32,8 +37,13 @@ class FakeFingerprintEngine {
         cb->onChallengeRevoked(challenge);
     }
 
-    void enrollImpl(ISessionCallback* cb, const keymaster::HardwareAuthToken& /*hat*/) {
+    void enrollImpl(ISessionCallback* cb, const keymaster::HardwareAuthToken& hat) {
         LOG(INFO) << "enrollImpl";
+        // Do proper HAT verification in the real implementation.
+        if (hat.mac.empty()) {
+            cb->onError(Error::UNABLE_TO_PROCESS, 0 /* vendorError */);
+            return;
+        }
         cb->onEnrollmentProgress(0 /* enrollmentId */, 0 /* remaining */);
     }
 
@@ -71,6 +81,8 @@ class FakeFingerprintEngine {
         LOG(INFO) << "resetLockoutImpl";
         cb->onLockoutCleared();
     }
+
+    std::mt19937 mRandom;
 };
 
 }  // namespace aidl::android::hardware::biometrics::fingerprint