Re: [edk2-devel] [PATCH v3 3/6] MdePkg/Rng: Add GUIDs to describe Rng algorithms

["PierreGondois" <pierre.gondois@arm.com>]

Hello Jiewen,

We have the following dependency issue:
- the BaseRngTimerLib is in the MdePkg
- we need a GUID to describe the BaseRngTimerLib algorithm
- we cannot add the gEdkiiRngAlgorithmUnSafe in the MdePkg, and the gZeroGuid is also not in the MdePkg
- the MdePkg should not have dependencies over other packages

As the BaseRngTimerLib is not really standard and should not be used in production builds,
would you agree if it was moved to the MdeModulePkg or to the SecurityPkg (with the gEdkiiRngAlgorithmUnSafe definition) ?

Regards,
Pierre


The issue we have

On 7/7/23 15:05, Yao, Jiewen wrote:
> FYI: I filed https://bugzilla.tianocore.org/show_bug.cgi?id=4497 to track the gEdkiiMemoryAcceptProtocolGuid issue.
> 
> Thank you
> Yao, Jiewen
> 
> 
>> -----Original Message-----
>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao, Jiewen
>> Sent: Friday, July 7, 2023 8:57 PM
>> To: Pierre Gondois <pierre.gondois@arm.com>; devel@edk2.groups.io
>> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
>> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Wang,
>> Jian J <jian.j.wang@intel.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>> Sami Mujawar <sami.mujawar@arm.com>; Jose Marinho
>> <Jose.Marinho@arm.com>; Kun Qin <kuqin12@gmail.com>
>> Subject: Re: [edk2-devel] [PATCH v3 3/6] MdePkg/Rng: Add GUIDs to describe
>> Rng algorithms
>>
>> I don’t think MdePkg should have Edkii- style protocol.
>>
>> I am not sure why gEdkiiMemoryAcceptProtocolGuid is in MdePkg.
>> It should be in MdeModulePkg, IMHO.
>>
>> Thank you
>> Yao, Jiewen
>>
>>> -----Original Message-----
>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>> Sent: Friday, July 7, 2023 8:49 PM
>>> To: devel@edk2.groups.io; Yao, Jiewen <jiewen.yao@intel.com>
>>> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
>>> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>; Wang,
>>> Jian J <jian.j.wang@intel.com>; Ard Biesheuvel <ardb+tianocore@kernel.org>;
>>> Sami Mujawar <sami.mujawar@arm.com>; Jose Marinho
>>> <Jose.Marinho@arm.com>; Kun Qin <kuqin12@gmail.com>
>>> Subject: Re: [edk2-devel] [PATCH v3 3/6] MdePkg/Rng: Add GUIDs to describe
>>> Rng algorithms
>>>
>>> Hello Jiewen,
>>>
>>> The gEfiRngAlgorithmArmRndr GUID is to be added to the UEFI spec with:
>>> - https://bugzilla.tianocore.org/show_bug.cgi?id=4441
>>> - https://mantis.uefi.org/mantis/view.php?id=2386
>>>
>>> the gEdkiiMemoryAcceptProtocolGuid GUID should not be in the UEFI spec,
>>> so I used the 'gEdkii' prefix as already used in MdePkg.dec for:
>>> - gEdkiiMemoryAcceptProtocolGuid
>>>
>>> Regards,
>>> Pierre
>>>
>>> On 7/7/23 11:14, Yao, Jiewen via groups.io wrote:
>>>> MdePkg can only add UEFI defined API.
>>>>
>>>> Is below defined by UEFI?
>>>>
>>>> Thank you
>>>> Yao, Jiewen
>>>>
>>>>
>>>>
>>>>> -----Original Message-----
>>>>> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of
>>>>> PierreGondois
>>>>> Sent: Thursday, July 6, 2023 4:52 PM
>>>>> To: devel@edk2.groups.io
>>>>> Cc: Kinney, Michael D <michael.d.kinney@intel.com>; Gao, Liming
>>>>> <gaoliming@byosoft.com.cn>; Liu, Zhiguang <zhiguang.liu@intel.com>;
>> Yao,
>>>>> Jiewen <jiewen.yao@intel.com>; Wang, Jian J <jian.j.wang@intel.com>;
>> Ard
>>>>> Biesheuvel <ardb+tianocore@kernel.org>; Sami Mujawar
>>>>> <sami.mujawar@arm.com>; Jose Marinho <Jose.Marinho@arm.com>; Kun
>>> Qin
>>>>> <kuqin12@gmail.com>
>>>>> Subject: [edk2-devel] [PATCH v3 3/6] MdePkg/Rng: Add GUIDs to describe
>>> Rng
>>>>> algorithms
>>>>>
>>>>> From: Pierre Gondois <pierre.gondois@arm.com>
>>>>>
>>>>> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
>>>>>
>>>>> The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
>>>>> implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
>>>>> To allow the RngDxe to detect when such implementation is used,
>>>>> a GetRngGuid() function is added in a following patch.
>>>>>
>>>>> Prepare GetRngGuid() return values and add GUIDs describing
>>>>> Rng algorithms:
>>>>> - gEfiRngAlgorithmArmRndr
>>>>> to describe a Rng algorithm accessed through Arm's RNDR instruction.
>>>>> [1] states that the implementation of this algorithm should be
>>>>> compliant to NIST SP900-80. The compliance is not guaranteed.
>>>>> - gEdkiiRngAlgorithmUnSafe
>>>>> to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
>>>>>
>>>>> [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
>>>>> sK12.1 'Properties of the generated random number'
>>>>>
>>>>> Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
>>>>> Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
>>>>> ---
>>>>>    MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
>>>>>    MdePkg/MdePkg.dec             |  2 ++
>>>>>    2 files changed, 22 insertions(+)
>>>>>
>>>>> diff --git a/MdePkg/Include/Protocol/Rng.h
>>> b/MdePkg/Include/Protocol/Rng.h
>>>>> index baf425587b3c..ceae77ba9c73 100644
>>>>> --- a/MdePkg/Include/Protocol/Rng.h
>>>>> +++ b/MdePkg/Include/Protocol/Rng.h
>>>>> @@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM;
>>>>>      { \
>>>>>        0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85,
>>> 0x61 }
>>>>> \
>>>>>      }
>>>>> +///
>>>>> +/// The Arm Architecture states the RNDR that the DRBG algorithm should
>>> be
>>>>> compliant
>>>>> +/// with NIST SP800-90A, while not mandating a particular algorithm, so as
>>> to
>>>>> be
>>>>> +/// inclusive of different geographies.
>>>>> +///
>>>>> +#define EFI_RNG_ALGORITHM_ARM_RNDR \
>>>>> +  { \
>>>>> +    0x43d2fde3, 0x9d4e, 0x4d79,  {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08,
>>>>> 0x41} \
>>>>> +  }
>>>>> +///
>>>>> +/// The implementation of a Random Number Generator might be unsafe,
>>>>> when using
>>>>> +/// a dummy implementation for instance. Allow identifying such
>>>>> implementation
>>>>> +/// with this GUID.
>>>>> +///
>>>>> +#define EDKII_RNG_ALGORITHM_UNSAFE \
>>>>> +  { \
>>>>> +    0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3,
>>>>> 0xf4 } \
>>>>> +  }
>>>>>
>>>>>    /**
>>>>>      Returns information about the random number generation
>> implementation.
>>>>> @@ -146,5 +164,7 @@ extern EFI_GUID
>>> gEfiRngAlgorithmSp80090Ctr256Guid;
>>>>>    extern EFI_GUID  gEfiRngAlgorithmX9313DesGuid;
>>>>>    extern EFI_GUID  gEfiRngAlgorithmX931AesGuid;
>>>>>    extern EFI_GUID  gEfiRngAlgorithmRaw;
>>>>> +extern EFI_GUID  gEfiRngAlgorithmArmRndr;
>>>>> +extern EFI_GUID  gEdkiiRngAlgorithmUnSafe;
>>>>>
>>>>>    #endif
>>>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec
>>>>> index 5b8477f4cb8f..2c8f985f253e 100644
>>>>> --- a/MdePkg/MdePkg.dec
>>>>> +++ b/MdePkg/MdePkg.dec
>>>>> @@ -643,6 +643,8 @@ [Guids]
>>>>>      gEfiRngAlgorithmX9313DesGuid       = { 0x63c4785a, 0xca34, 0x4012,
>> {0xa3,
>>>>> 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }}
>>>>>      gEfiRngAlgorithmX931AesGuid        = { 0xacd03321, 0x777e, 0x4d3d,
>> {0xb1,
>>>>> 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }}
>>>>>      gEfiRngAlgorithmRaw                = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7,
>>> 0x84,
>>>>> 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }}
>>>>> +  gEfiRngAlgorithmArmRndr            = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02,
>>> 0x96,
>>>>> 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }}
>>>>> +  gEdkiiRngAlgorithmUnSafe           = { 0x869f728c, 0x409d, 0x4ab4, {0xac,
>>> 0x03,
>>>>> 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }}
>>>>>
>>>>>      ## Include/Protocol/AdapterInformation.h
>>>>>      gEfiAdapterInfoMediaStateGuid       = { 0xD7C74207, 0xA831, 0x4A26,
>>> {0xB1,
>>>>> 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
>>>>> --
>>>>> 2.25.1
>>>>>
>>>>>
>>>>>
>>>>> -=-=-=-=-=-=
>>>>> Groups.io Links: You receive all messages sent to this group.
>>>>> View/Reply Online (#106688):
>>> https://edk2.groups.io/g/devel/message/106688
>>>>> Mute This Topic: https://groups.io/mt/99981855/1772286
>>>>> Group Owner: devel+owner@edk2.groups.io
>>>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub [jiewen.yao@intel.com]
>>>>> -=-=-=-=-=-=
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>
>>
>> 
>>
>