This commit disables enforcement of NIST defined RNG algorithms. Such that NetworkPkg will accept "Default" and depend on the platform.
Cc: Ard Biesheuvel <ardb+tianoc...@kernel.org> Cc: Jiewen Yao <jiewen....@intel.com> Cc: Gerd Hoffmann <kra...@redhat.com> Signed-off-by: Doug Flick [MSFT] <doug.e...@gmail.com> --- OvmfPkg/OvmfPkgIa32.dsc | 7 +++++++ OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++++++ OvmfPkg/OvmfPkgX64.dsc | 7 +++++++ OvmfPkg/OvmfXen.dsc | 7 +++++++ 4 files changed, 30 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 7d7729e07729..080d1a93a0ee 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -571,6 +571,13 @@ [PcdsFixedAtBuild] # !include NetworkPkg/NetworkPcds.dsc.inc + # + # Platforms may not support the EDK2 Standard NIST Algorithms + # This Pcd allows for platform to override the attempt to use the NIST Algorithms + # and falls back to default such that the platform can own the Rng Algorithm + # + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE + gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000 !if $(SMM_REQUIRE) == TRUE diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 1e924ccc5eb4..d62f9ea3fa69 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -571,6 +571,8 @@ [PcdsFixedAtBuild] # gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE + + [PcdsFixedAtBuild.IA32] # # The NumberOfPages values below are ad-hoc. They are updated sporadically at @@ -590,6 +592,13 @@ [PcdsFixedAtBuild.X64] # !include NetworkPkg/NetworkPcds.dsc.inc + # + # Platforms may not support the EDK2 Standard NIST Algorithms + # This Pcd allows for platform to override the attempt to use the NIST Algorithms + # and falls back to default such that the platform can own the Rng Algorithm + # + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE + gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000 !if $(SMM_REQUIRE) == TRUE diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3637b967b139..761c86f73a6b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -601,6 +601,13 @@ [PcdsFixedAtBuild] # !include NetworkPkg/NetworkPcds.dsc.inc + # + # Platforms may not support the EDK2 Standard NIST Algorithms + # This Pcd allows for platform to override the attempt to use the NIST Algorithms + # and falls back to default such that the platform can own the Rng Algorithm + # + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE + gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000 !if $(SMM_REQUIRE) == TRUE diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 7fc340d1c1df..0b2dac0cdaef 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -443,6 +443,13 @@ [PcdsFixedAtBuild] # !include NetworkPkg/NetworkPcds.dsc.inc + # + # Platforms may not support the EDK2 Standard NIST Algorithms + # This Pcd allows for platform to override the attempt to use the NIST Algorithms + # and falls back to default such that the platform can own the Rng Algorithm + # + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE + !ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE) ## Set Xen's debug IO port for PlatformDebugLibIoPort gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort|0xe9 -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118682): https://edk2.groups.io/g/devel/message/118682 Mute This Topic: https://groups.io/mt/105983248/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
