+ Rebecca
Hello Liming,
PcdCpuRngSupportedAlgorithm is currently not set by any platform in the edk2 or
edk2-platforms repository.
It was first introduced by Rebecca in:
commit 4e5ecdbac8bd ("SecurityPkg: Add support for RngDxe on AARCH64")
Except if Rebecca sees an issue in this change, I think this is ok.
Regards,
Pierre
On 6/25/23 05:13, gaoliming wrote:
Pierre:
This patch set moves PCD from
gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm to MdePkg. It may
impact the platform those set this PCD in their DSC. Have you evaluated its
impact?
Thanks
Liming
-----邮件原件-----
发件人: Pierre Gondois <pierre.gond...@arm.com>
发送时间: 2023年6月23日 17:02
收件人: devel@edk2.groups.io
抄送: Michael D Kinney <michael.d.kin...@intel.com>; Liming Gao
<gaolim...@byosoft.com.cn>; Zhiguang Liu <zhiguang....@intel.com>; Jiewen
Yao <jiewen....@intel.com>; Jian J Wang <jian.j.w...@intel.com>; Ard
Biesheuvel <ardb+tianoc...@kernel.org>; Sami Mujawar
<sami.muja...@arm.com>; Jose Marinho <jose.mari...@arm.com>; Samer
El-Haj-Mahmoud <samer.el-haj-mahm...@arm.com>
主题: Re: [edk2-devel] [PATCH v1 0/8] SecurityPkg/MdePkg: RngLib GUID
Hello,
Just a ping for the patch-set,
Regards,
Pierre
On 5/9/23 09:40, PierreGondois via groups.io wrote:
From: Pierre Gondois <pierre.gond...@arm.com>
This patchset follows the 'code first' approach and relies on [1].
This patchset follows the thread at [3] that aims to solve [2].
[1] and [2] are bound and this patchset aims to solve both.
In this patchset:
a-
The RngDxe can rely on the RngLib. However the RngLib has no
interface allowing to describe which Rng algorithm is implemented.
The RngDxe must advertise the algorithm that are available through
the RngGetInfo() callback.
Add a GetRngGuid() for interface to the RngLib.
b-
The Arm Architecture states the RNDR that the DRBG algorithm should
be compliant with NIST SP800-90A, while not mandating a particular
algorithm, so as to be inclusive of different geographies.
The RngLib can rely on this Arm RNDR instruction. In order to
accurately describe the implementation using the RNDR instruction,
add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1].
c-
For the same reason as a/b, add a GUID describing unsafe RNG
algorithms, allowing to accurately describe the BaseRngLibTimerLib.
d-
Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the
Arm implementation of the RngDxe.
[1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
[2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
[3] https://edk2.groups.io/g/devel/message/100806
Pierre Gondois (8):
MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation
MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
MdePkg/DxeRngLib: Request raw algorithm instead of default
MdePkg/Rng: Add GUIDs to describe Rng algorithms
MdePkg/Rng: Add GetRngGuid() to RngLib
SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
SecurityPkg/RngDxe: Select safe default Rng algorithm
SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
MdePkg/Include/Library/RngLib.h | 17 +++++
MdePkg/Include/Protocol/Rng.h | 20 ++++++
.../BaseArmTrngLibNull/BaseArmTrngLibNull.c | 4 --
MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++
MdePkg/Library/BaseRngLib/BaseRngLib.inf | 9 +++
MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++
.../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++
.../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 +
.../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++
MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 +++++++++-
MdePkg/MdePkg.dec | 7 ++
.../RngDxe/AArch64/AArch64Algo.c | 70
+++++++++++++++----
.../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 +++---
.../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +-
SecurityPkg/SecurityPkg.dec | 2 -
15 files changed, 278 insertions(+), 36 deletions(-)
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#106421): https://edk2.groups.io/g/devel/message/106421
Mute This Topic: https://groups.io/mt/99764197/21656
Group Owner: devel+ow...@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
