From: "gaoliming via groups.io"
Cc: "'Michael D Kinney'", "'Zhiguang Liu'", "'Jiewen Yao'", "'Jian J Wang'", "'Ard Biesheuvel'", "'Sami Mujawar'", "'Jose Marinho'", "'Kun Qin'"
References: <20230712132947.332643-1-pierre.gondois@arm.com>
In-Reply-To: <20230712132947.332643-1-pierre.gondois@arm.com>
Subject: [edk2-devel] Re: [PATCH v4 0/8] SecurityPkg/MdePkg: Update RngLib GUID identification
Date: Mon, 17 Jul 2023 16:13:16 +0800
Message-ID: <007e01d9b886$8a304d10$9e90e730$@byosoft.com.cn>
Sender: devel@edk2.groups.io
Reply-To: devel@edk2.groups.io,gaoliming@byosoft.com.cn

Pierre:
  Now, BaseRngLibTimerLib in MdePkg is used in many platforms. I think we need to reserve enough time for the platform owner to update their DSC files.

  So, I suggest to keep current BaseRngLibTimerLib in MdePkg for compatibility, and add new BaseRngLibTimerLib in MdeModulePkg for this support.
After some time, such as two stable tags, we can propose to remove the one in MdePkg.

Thanks
Liming

> -----Original Message-----
> From: pierre.gondois@arm.com
> Sent: July 12, 2023 21:30
> To: devel@edk2.groups.io
> Cc: Michael D Kinney; Liming Gao; Zhiguang Liu; Jiewen Yao;
>  Jian J Wang; Ard Biesheuvel; Sami Mujawar; Jose Marinho; Kun Qin;
>  pierre.gondois@arm.com
> Subject: [PATCH v4 0/8] SecurityPkg/MdePkg: Update RngLib GUID identification
>
> From: Pierre Gondois
>
> v4:
> - New patches:
>   - [1/8] MdePkg: Move BaseRngLibTimerLib to MdeModulePkg
>   - [5/8] MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
> - This patch-set now requires to be accepted along an edk-platforms patch
>   moving the BaseRngLibTimerLib to MdeModulePkg
>
> v3:
> - As the unsafe algorithm GUID will not be added to the UEFI
>   specification, rename:
>   - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe
>   - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE
>
> v2:
> [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation
> - Dropped
> [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
> - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
>   token number
> - Rename to SecurityPkg/SecurityPkg.dec: Move
>   PcdCpuRngSupportedAlgorithm to MdePkg
> [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib
> - Remove gEfiRngAlgorithmUnSafe from inf file
> - Split Guids definitions in arch specific sections
> [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
> - Remove RngFindDefaultAlgo() and change logic accordingly.
> [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm
> - Dropped due to changes in [6/8]
>
> This patch also requires the following patch on top of the series:
> - https://edk2.groups.io/g/devel/message/106546
>
> This patchset follows the 'code first' approach and relates to [1].
> This patchset follows the thread at [3] that aims to solve [2].
> [1] and [2] are bound and this patchset aims to solve both.
>
> In this patchset:
> a-
> The RngDxe can rely on the RngLib. However the RngLib has no
> interface allowing to describe which Rng algorithm is implemented.
> The RngDxe must advertise the algorithms that are available through
> the RngGetInfo() callback.
> Add a GetRngGuid() for interface to the RngLib.
>
> b-
> The Arm Architecture states the RNDR that the DRBG algorithm should
> be compliant with NIST SP800-90A, while not mandating a particular
> algorithm, so as to be inclusive of different geographies.
> The RngLib can rely on this Arm RNDR instruction. In order to
> accurately describe the implementation using the RNDR instruction,
> add an EFI_RNG_ALGORITHM_ARM_RNDR GUID [1].
>
> c-
> For the same reason as a/b, add a GUID describing unsafe RNG
> algorithms, allowing to accurately describe the BaseRngLibTimerLib.
>
> d-
> Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the
> Arm implementation of the RngDxe.
>
> [1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
> [2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
> [3] https://edk2.groups.io/g/devel/message/100806
>
> Pierre Gondois (8):
>   MdePkg: Move BaseRngLibTimerLib to MdeModulePkg
>   SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to
>     MdePkg
>   MdePkg/DxeRngLib: Request raw algorithm instead of default
>   MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
>   MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
>   MdePkg/Rng: Add GetRngGuid() to RngLib
>   SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
>   SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
>
>  ArmVirtPkg/ArmVirt.dsc.inc                    |  2 +-
>  EmulatorPkg/EmulatorPkg.dsc                   |  2 +-
>  MdeModulePkg/Include/Guid/RngAlgorithm.h      | 23 ++++++++
>  .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf |  4 ++
>  .../BaseRngLibTimerLib/BaseRngLibTimerLib.uni |  0
>  .../Library/BaseRngLibTimerLib/RngLibTimer.c  | 28 ++++++++++
>  MdeModulePkg/MdeModulePkg.dec                 |  3 +
>  MdeModulePkg/MdeModulePkg.dsc                 |  1 +
>  MdePkg/Include/Library/RngLib.h               | 17 ++++++
>  MdePkg/Include/Protocol/Rng.h                 | 10 ++++
>  MdePkg/Library/BaseRngLib/AArch64/Rndr.c      | 42 ++++++++++++++
>  MdePkg/Library/BaseRngLib/BaseRngLib.inf      | 10 ++++
>  MdePkg/Library/BaseRngLib/Rand/RdRand.c       | 26 +++++++++
>  .../Library/BaseRngLibNull/BaseRngLibNull.c   | 22 ++++++++
>  MdePkg/Library/DxeRngLib/DxeRngLib.c          | 36 +++++++++++-
>  MdePkg/MdePkg.dec                             |  6 ++
>  MdePkg/MdePkg.dsc                             |  1 -
>  NetworkPkg/NetworkPkg.dsc                     |  4 +-
>  OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +-
>  OvmfPkg/Bhyve/BhyveX64.dsc                    |  2 +-
>  OvmfPkg/CloudHv/CloudHvX64.dsc                |  2 +-
>  OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  2 +-
>  OvmfPkg/Microvm/MicrovmX64.dsc                |  2 +-
>  OvmfPkg/OvmfPkgIa32.dsc                       |  2 +-
>  OvmfPkg/OvmfPkgIa32X64.dsc                    |  2 +-
>  OvmfPkg/OvmfPkgX64.dsc                        |  2 +-
>  OvmfPkg/OvmfXen.dsc                           |  2 +-
>  OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc           |  2 +-
>  .../RngDxe/AArch64/AArch64Algo.c              | 55 +++++++++++++------
>  .../RandomNumberGenerator/RngDxe/ArmRngDxe.c  | 23 +++-----
>  .../RandomNumberGenerator/RngDxe/RngDxe.inf   |  5 +-
>  SecurityPkg/SecurityPkg.dec                   |  2 -
>  SecurityPkg/SecurityPkg.dsc                   |  4 +-
>  SignedCapsulePkg/SignedCapsulePkg.dsc         |  4 +-
>  34 files changed, 294 insertions(+), 56 deletions(-)
>  create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
>  rename {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf (91%)
>  rename {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni (100%)
>  rename {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/RngLibTimer.c (83%)
>
> --
> 2.25.1

View/Reply Online (#106958): https://edk2.groups.io/g/devel/message/106958
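
An added example, not part of the original message or of the edk2 tree: a small Python audit that lists the DSC library-class mappings a platform owner would have to update for the move discussed above, and that also shows which mappings still resolve to the timer-based RngLib. The two .inf paths come from the rename lines in the quoted diffstat; the sample DSC text, the function name and the status labels are constructed for illustration.

```python
import re

# Both paths come from the rename lines in the quoted diffstat.
OLD_INF = "MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf"
NEW_INF = "MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf"
STATUS = {OLD_INF: "needs-update", NEW_INF: "already-moved"}  # labels are made up here

SECTION_RE = re.compile(r"^\[(.+)\]$")
MAPPING_RE = re.compile(r"^(\w+)\s*\|\s*(\S+)$")


def find_timer_rnglib(dsc_text):
    """List (line_no, section, library_class, status) for every library
    class mapping in a DSC file that resolves to BaseRngLibTimerLib."""
    findings, section = [], ""
    for line_no, raw in enumerate(dsc_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop DSC comments
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        mapping = MAPPING_RE.match(line)
        if mapping and mapping.group(2) in STATUS:
            lib_class, inf = mapping.groups()
            findings.append((line_no, section, lib_class, STATUS[inf]))
    return findings


# Constructed sample DSC fragment (hypothetical platform, not a real one).
SAMPLE_DSC = """\
[LibraryClasses]
  # RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
  BaseLib|MdePkg/Library/BaseLib/BaseLib.inf

[LibraryClasses.common.DXE_DRIVER]
  RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf  # moved

[Components]
  ExamplePkg/Driver/Driver.inf {
    <LibraryClasses>
      RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
  }
"""

if __name__ == "__main__":
    for line_no, section, lib_class, status in find_timer_rnglib(SAMPLE_DSC):
        print(f"line {line_no}: [{section}] {lib_class} -> {status}")
```

The scan reads one file's text at a time and does not follow `!include` directives, so shared fragments such as the `.dsc.inc` files listed in the diffstat have to be passed in separately.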