et him comment if there is any concern
on the change for ARM.
Thank you
Yao, Jiewen
*From:* Doug Flick via groups.io
*Sent:* Saturday, May 11, 2024 5:12 AM
*To:* Yao, Jiewen ; devel@edk2.groups.io
*Subject:* Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove
incorrect limitation on
On Thu, 9 May 2024 at 07:56, Doug Flick via groups.io
wrote:
>
> Removed from gEfiRngAlgorithmRaw an incorrect assumption that
> Raw cannot return less than 256 bits. The DRNG Algorithms
> should always use a 256 bit seed as per nist standards
> however a caller is free to request less than 256
Sent: Saturday, May 11, 2024 5:12 AM
To: Yao, Jiewen ; devel@edk2.groups.io
Subject: Re: [edk2-devel] [PATCH v2 07/13] SecurityPkg: RngDxe: Remove
incorrect limitation on GetRng
So, I'm trying to consult with some RNG experts because I'm by no means an
expert and anything I say should be taken wit
So, I'm trying to consult with some RNG experts because I'm by no means an
expert and anything I say should be taken with huge grain of salt. When I get
the experts take, I'll share it.
Basically, the way I read this code is that it by no means tries to enforce any
entropy requirement outside
Hi Doug
First, I agree with you that "A caller is free to request less than 256 bit".
Second, I think we still need to meet 256 bit entropy requirement in UEFI spec,
right?
With above assumption, I checked how the callee is implemented when input
length is small.
Removed from gEfiRngAlgorithmRaw an incorrect assumption that
Raw cannot return less than 256 bits. The DRNG Algorithms
should always use a 256 bit seed as per nist standards
however a caller is free to request less than 256 bits.
>
> //
>// When a DRBG is used on the output of a entropy