Branch: refs/heads/master
Home: https://github.com/tianocore/edk2
Commit: 2f981bddcbd6adde5f682caf0d3812ba92bc0f73
https://github.com/tianocore/edk2/commit/2f981bddcbd6adde5f682caf0d3812ba92bc0f73
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M ArmVirtPkg/ArmVirt.dsc.inc
M EmulatorPkg/EmulatorPkg.dsc
A MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
A MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni
A MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
M MdeModulePkg/MdeModulePkg.dsc
M NetworkPkg/NetworkPkg.dsc
M OvmfPkg/AmdSev/AmdSevX64.dsc
M OvmfPkg/Bhyve/BhyveX64.dsc
M OvmfPkg/CloudHv/CloudHvX64.dsc
M OvmfPkg/IntelTdx/IntelTdxX64.dsc
M OvmfPkg/Microvm/MicrovmX64.dsc
M OvmfPkg/OvmfPkgIa32.dsc
M OvmfPkg/OvmfPkgIa32X64.dsc
M OvmfPkg/OvmfPkgX64.dsc
M OvmfPkg/OvmfXen.dsc
M OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc
M SecurityPkg/SecurityPkg.dsc
M SignedCapsulePkg/SignedCapsulePkg.dsc
Log Message:
-----------
MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkg
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504
The BaseRngLibTimerLib allows to generate number based on a timer.
This mechanism allows to have a basic non-secure implementation
for non-production platforms.
To bind and identify Random Number Generators implementations with
a GUID, an unsafe GUID should be added. This GUID cannot be added
to the MdePkg unless it is also added to a specification.
To keep the MdePkg self-contained, copy the BaseRngLibTimerLib to
the MdeModulePkg. This will allow to define an unsafe Rng GUID
in a later patch in the MdeModulePkg.
The MdePkg implementation will be removed later. This allows to give
some time to platform owners to switch to the MdeModulePkg
implementation.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: e93468442b7da7bc80e00014e854c0c8a0a7184b
https://github.com/tianocore/edk2/commit/e93468442b7da7bc80e00014e854c0c8a0a7184b
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
M MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
Log Message:
-----------
MdePkg: Add deprecated warning to BaseRngLibTimer
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504
To keep the MdePkg self-contained and avoid dependencies on GUIDs
defined in other packages, the BaseRngLibTimer was moved to the
MdePkg.
Add a constructor to warn and request to use the MdeModulePkg
implementation.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: 65b5dd828ef2ea5056031b239a4e7a6642f771a3
https://github.com/tianocore/edk2/commit/65b5dd828ef2ea5056031b239a4e7a6642f771a3
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
M MdePkg/MdePkg.dec
M SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
M SecurityPkg/SecurityPkg.dec
Log Message:
-----------
SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
In order to use PcdCpuRngSupportedAlgorithm in the MdePkg in a
following patch and to avoid making the MdePkg dependent on another
package, move PcdCpuRngSupportedAlgorithm to the MdePkg.
As the Pcd is only used for AARCH64, place it in an AARCH64
specific sections.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Acked-by: Jiewen Yao <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: bd1f0eecc1dfe51ba20161bef8860d12392006bd
https://github.com/tianocore/edk2/commit/bd1f0eecc1dfe51ba20161bef8860d12392006bd
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M MdePkg/Library/DxeRngLib/DxeRngLib.c
Log Message:
-----------
MdePkg/DxeRngLib: Request raw algorithm instead of default
The DxeRngLib tries to generate a random number using the 3 NIST
SP 800-90 compliant DRBG algorithms, i.e. 256-bits CTR, HASH and HMAC.
If none of the call is successful, the fallback option is the default
RNG algorithm of the EFI_RNG_PROTOCOL. This default algorithm might
be an unsafe implementation.
Try requesting the Raw algorithm before requesting the default one.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c
https://github.com/tianocore/edk2/commit/cf07238e5fa4f8b1138ac1c9e80530b4d4e59f1c
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M MdePkg/Include/Protocol/Rng.h
M MdePkg/MdePkg.dec
Log Message:
-----------
MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
a GetRngGuid() function is added in a following patch.
Prepare GetRngGuid() return values and add a gEfiRngAlgorithmArmRndr
to describe a Rng algorithm accessed through Arm's RNDR instruction.
[1] states that the implementation of this algorithm should be
compliant to NIST SP900-80. The compliance is not guaranteed.
[1] Arm Architecture Reference Manual Armv8, for A-profile architecture
sK12.1 'Properties of the generated random number'
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: 414c0f20896f3dec412135fa4260f8aad8bef246
https://github.com/tianocore/edk2/commit/414c0f20896f3dec412135fa4260f8aad8bef246
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
A MdeModulePkg/Include/Guid/RngAlgorithm.h
M MdeModulePkg/MdeModulePkg.dec
Log Message:
-----------
MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
a GetRngGuid() function is added in a following patch.
Prepare GetRngGuid() return values and add a gEdkiiRngAlgorithmUnSafe
to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: 5443c2dc310d2c8eb15fb8eefd5057342e78cd0d
https://github.com/tianocore/edk2/commit/5443c2dc310d2c8eb15fb8eefd5057342e78cd0d
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
M MdeModulePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
M MdePkg/Include/Library/RngLib.h
M MdePkg/Library/BaseRngLib/AArch64/Rndr.c
M MdePkg/Library/BaseRngLib/BaseRngLib.inf
M MdePkg/Library/BaseRngLib/Rand/RdRand.c
M MdePkg/Library/BaseRngLibNull/BaseRngLibNull.c
M MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
M MdePkg/Library/DxeRngLib/DxeRngLib.c
Log Message:
-----------
MdePkg/Rng: Add GetRngGuid() to RngLib
The EFI_RNG_PROTOCOL can use the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
add a GetRngGuid() function to the RngLib.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Liming Gao <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: 19438cff973bfb35a1ef12fab45fabb28b63fe64
https://github.com/tianocore/edk2/commit/19438cff973bfb35a1ef12fab45fabb28b63fe64
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c
M SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
M SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
Log Message:
-----------
SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
To allow the RngDxe to detect when such implementation is used,
a GetRngGuid() function was added in a previous patch.
The EFI_RNG_PROTOCOL can advertise multiple algorithms through
Guids. The PcdCpuRngSupportedAlgorithm is currently used to
advertise the RngLib in the Arm implementation.
The issues of doing that are:
- the RngLib implementation might not use CPU instructions,
cf. the BaseRngLibTimerLib
- most platforms don't set PcdCpuRngSupportedAlgorithm
A GetRngGuid() was added to the RngLib in a previous patch,
allowing to identify the algorithm implemented by the RngLib.
Make use of this function and place the unsage algorithm
at the last position in the mAvailableAlgoArray.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Acked-by: Jiewen Yao <[email protected]>
Tested-by: Kun Qin <[email protected]>
Commit: ff7ddc02b273f9159ef46fdb67d99062f8e598d9
https://github.com/tianocore/edk2/commit/ff7ddc02b273f9159ef46fdb67d99062f8e598d9
Author: Pierre Gondois <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c
Log Message:
-----------
SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
The first element of mAvailableAlgoArray is defined as the default
Rng algorithm to use. Don't go through the array at each RngGetRNG()
call and just return the first element of the array.
Signed-off-by: Pierre Gondois <[email protected]>
Reviewed-by: Sami Mujawar <[email protected]>
Acked-by: Ard Biesheuvel <[email protected]>
Acked-by: Jiewen Yao <[email protected]>
Tested-by: Kun Qin <[email protected]>
Compare: https://github.com/tianocore/edk2/compare/2ce5ae43c216...ff7ddc02b273
_______________________________________________
edk2-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/edk2-commits
