From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 93B91D80144 for ; Fri, 10 May 2024 00:54:12 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=PJKjX1yUvsk6cH2/yYXDs+qAgsh0Itw+SECTXBDFAIw=; c=relaxed/simple; d=groups.io; h=From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Thread-Index:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Language; s=20240206; t=1715302451; v=1; b=0qspUpmH1YCgFtNsNurbrj86ZAGbssm5xmNptY6nSm826es4EDgM2hQ+e9l0pQ6McpjTOv7L f84E3SAY5DCkcZpBLbqSohzSkuQZfErIfjc9xhQY4hs8194s1xoPPPwIRPmYIXltDUEzQ7vQKMK K/d4w++BZ5V3H3AmHh3tPBr8ECtBEk8qz6brmFM+i7yLuRgUV6TDa4YwUYY2ueaBzCE6wQ9leiw udg7+FxaZpkbGyBb1573URUNeicZFlJh6guUoQib6KSJ4GMzg8FF+LZQk7WgChGJVM7+VZbheVU o40cfiRpk32KC1shmWscS7Ic26HS2QN412nxFbgLXegSQ== X-Received: by 127.0.0.2 with SMTP id 2egWYY7687511xH6JuUP46VH; Thu, 09 May 2024 17:54:11 -0700 X-Received: from zrleap.intel-email.com (zrleap.intel-email.com [114.80.218.36]) by mx.groups.io with SMTP id smtpd.web11.2174.1715302449797861222 for ; Thu, 09 May 2024 17:54:10 -0700 X-Received: from zrleap.intel-email.com (localhost [127.0.0.1]) by zrleap.intel-email.com (Postfix) with ESMTP id B2B99A32E1B6 for ; Fri, 10 May 2024 08:54:07 +0800 (CST) X-Received: from localhost (localhost [127.0.0.1]) by zrleap.intel-email.com (Postfix) with ESMTP id 997D3A32E1F3 for ; Fri, 10 May 2024 08:54:07 +0800 (CST) X-Received: from mail.byosoft.com.cn (mail.byosoft.com.cn [58.240.74.242]) by zrleap.intel-email.com (Postfix) with SMTP id BF41CA32E1EA for ; Fri, 10 May 2024 08:54:04 +0800 (CST) X-Received: from DESKTOPS6D0PVI ([58.246.60.130]) (envelope-sender ) by 192.168.6.13 with ESMTP(SSL) for ; Fri, 10 May 2024 08:54:00 +0800 X-WM-Sender: gaoliming@byosoft.com.cn X-Originating-IP: 58.246.60.130 X-WM-AuthFlag: YES X-WM-AuthUser: gaoliming@byosoft.com.cn From: "gaoliming via groups.io" To: , , "'Ard Biesheuvel'" References: <9250.1715278866341053340@groups.io> In-Reply-To: <9250.1715278866341053340@groups.io> Subject: =?UTF-8?B?5Zue5aSNOiBbZWRrMi1kZXZlbF0gW1BBVENIIHYyIDAzLzEzXSBPdm1mUGtnOlBsYXRmb3JtQ0k6IFN1cHBvcnQgdmlydGlvLXJuZy1wY2k=?= Date: Fri, 10 May 2024 08:54:03 +0800 Message-ID: <004001daa274$8de608e0$a9b21aa0$@byosoft.com.cn> MIME-Version: 1.0 Thread-Index: AQIrHEMrSCW6Dp79JzkZgy7WB2eO5QE/weUGsOSxz1A= Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 09 May 2024 17:54:10 -0700 Resent-From: gaoliming@byosoft.com.cn Reply-To: devel@edk2.groups.io,gaoliming@byosoft.com.cn List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: HkEb8JzrfLIF5lkfDed269ocx7686176AA= Content-Type: multipart/alternative; boundary="----=_NextPart_000_0041_01DAA2B7.9C09BE10" Content-Language: zh-cn X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=0qspUpmH; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io; dmarc=pass (policy=none) header.from=groups.io ------=_NextPart_000_0041_01DAA2B7.9C09BE10 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Doug: From the compatibility point, may PcdEnforceSecureRngAlgorithms default = value be set to FALSE? =20 Thanks Liming =E5=8F=91=E4=BB=B6=E4=BA=BA: devel@edk2.groups.io = =E4=BB=A3=E8=A1=A8 Doug Flick via groups.io =E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2024=E5=B9=B45=E6=9C=8810=E6=97=A5 2:= 21 =E6=94=B6=E4=BB=B6=E4=BA=BA: Ard Biesheuvel ; devel@edk2.g= roups.io =E4=B8=BB=E9=A2=98: Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: S= upport virtio-rng-pci =20 So this patch is necessary as otherwise, QEMU fails to boot due to a missin= g source of randomness in the network drivers, right? So I added this based on your initial suggestion to get the ArmVirtPkg work= ing - running it locally (and against the pipelines) shows this isn't neces= sary. So I'll drop the commits. There were concerns around compatibility, however the only fallback we woul= d be able to do from NetworkPkg is depend on the time based LCG that we've = considered a high profile CVE. This is where NetworkPkg must depend on the = platform to provide it Rng and Hashing services. Fundamentally the platform= must own it's own security. RNDR raises another interesting problem, by the way - the ARM arch spec req= uires RNDR to be backed by an appropriate DRBG that complies with the NIST = spec but it does not specify which one. IOW, it is backed by a DRBG not by = a raw entropy source, but specifying which DRBG (by GUID) is not generally = feasible, as the guest VM firmware cannot interrogate the host about which = DRBG is behind RNDR. This is why the PCD PcdEnforceSecureRngAlgorithms exists. The platform can = make the determination to depend on default if they understand the security= implications behind that. Additionally, the platform is free to override R= ngDxe and provide their own implementations. -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118779): https://edk2.groups.io/g/devel/message/118779 Mute This Topic: https://groups.io/mt/106013302/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- ------=_NextPart_000_0041_01DAA2B7.9C09BE10 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

Doug:

=C2=A0 F= rom the compatibility point, =C2=A0may PcdEnforceSecureRngAlgorithms defaul= t value be set to FALSE?

&= nbsp;

Thanks

Liming

=E5=8F=91=E4=BB=B6=E4=BA=BA:= devel@edk2.groups.io <devel@edk2.groups.io> =E4=BB=A3=E8=A1=A8 Doug Flick via groups.io
=E5=8F=91=E9=80=81=E6=97=B6=E9=97=B4: 2024=E5=B9=B45= =E6=9C=8810=E6=97=A5 2:21
<= /span>=E6=94=B6=E4=BB=B6=E4=BA=BA: Ard Biesheuvel <ardb@kernel.org>; devel@edk2.groups.io=E4=B8=BB=E9=A2=98: Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-r= ng-pci

 

So this patch is necessary as= otherwise, QEMU fails to boot due to a missing source of randomness in the= network drivers, right?

So I added this based on your initial suggestion to get the ArmVirtPk= g working - running it locally (and against the pipelines) shows this isn't= necessary. So I'll drop the commits.

There were concerns around compatibility, however the only fallback w= e would be able to do from NetworkPkg is depend on the time based LCG that = we've considered a high profile CVE. This is where NetworkPkg must depend o= n the platform to provide it Rng and Hashing services. Fundamentally the pl= atform must own it's own security.

RNDR raises= another interesting problem, by the way - the ARM arch spec requires RNDR = to be backed by an appropriate DRBG that complies with the NIST spec but it= does not specify which one. IOW, it is backed by a DRBG not by a raw entro= py source, but specifying which DRBG (by GUID) is not generally feasible, a= s the guest VM firmware cannot interrogate the host about which DRBG is beh= ind RNDR.

This is w= hy the PCD PcdEnforceSecureRngAlgorithms exists. The platform = can make the determination to depend on default if they understand the secu= rity implications behind that. Additionally, the platform is free to overri= de RngDxe and provide their own implementations.

=

_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#118779) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
------=_NextPart_000_0041_01DAA2B7.9C09BE10--