From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web11.7581.1689169099127007264 for ; Wed, 12 Jul 2023 06:38:19 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 42188D75; Wed, 12 Jul 2023 06:39:01 -0700 (PDT) Received: from [192.168.1.12] (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A1ABD3F67D; Wed, 12 Jul 2023 06:38:16 -0700 (PDT) Message-ID: <06e02d50-9bd5-f95a-1f2b-bff69f8f7d7e@arm.com> Date: Wed, 12 Jul 2023 15:38:01 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v3 0/6] SecurityPkg/MdePkg: Update RngLib GUID identification To: Kun Qin , devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho References: <20230706085159.626374-1-pierre.gondois@arm.com> <1f4f3d6c-be22-4961-570e-86ffb9d36a61@gmail.com> From: "PierreGondois" In-Reply-To: <1f4f3d6c-be22-4961-570e-86ffb9d36a61@gmail.com> Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Hello Kun, As I made some small changes to the patch-set, I didn't include your tested-by tag, but the changes should be quite small, The v4 is available at: - https://edk2.groups.io/g/devel/message/106856 Regards, Pierre On 7/6/23 21:01, Kun Qin wrote: > Hi Pierre, > > Thanks for sending the update. I tested on QEMU with this change (no TRNG from TFA), it works for me. > Tested-by: Kun Qin > > Please note that the change below is still needed to avoid data abortion exception. It will be helpful if one > of the maintainers can help merging it. > [PATCH v2 1/1] SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocator (groups.io) > > Regards, > Kun > > On 7/6/2023 1:51 AM, pierre.gondois@arm.com wrote: >> From: Pierre Gondois >> >> v3: >> - As the unsafe algorithm GUID will not be added to the UEFI >> specification, rename: >> - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe >> - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE >> >> v2: >> [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation >> - Dropped >> [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg >> - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm >> token number >> - Rename to SecurityPkg/SecurityPkg.dec: Move >> PcdCpuRngSupportedAlgorithm to MdePkg >> [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib >> - Remove gEfiRngAlgorithmUnSafe from inf file >> - Split Guids definitions in arch specific sections >> [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib >> - Remove RngFindDefaultAlgo() and change logic accordingly. >> [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm >> - Dropped due to changes in [6/8] >> >> This patch also requires the following patch on top of the serie: >> -https://edk2.groups.io/g/devel/message/106546 >> >> This patchset follows the 'code first' approach and relates to [1]. >> This patchset follows the thread at [3] that aims to solve [2]. >> [1] and [2] are bound and this patchset aims to solve both. >> >> In this patchset: >> a- >> The RngDxe can rely on the RngLib. However the RngLib has no >> interface allowing to describe which Rng algorithm is implemented. >> The RngDxe must advertise the algorithm that are available through >> the RngGetInfo() callback. >> Add a GetRngGuid() for interface to the RngLib. >> >> b- >> The Arm Architecture states the RNDR that the DRBG algorithm should >> be compliant with NIST SP800-90A, while not mandating a particular >> algorithm, so as to be inclusive of different geographies. >> The RngLib can rely on this Arm RNDR instruction. In order to >> accurately describe the implementation using the RNDR instruction, >> add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1]. >> >> c- >> For the same reason as a/b, add a GUID describing unsafe RNG >> algorithms, allowing to accurately describe the BaseRngLibTimerLib. >> >> d- >> Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the >> Arm implementation of the RngDxe. >> >> [1] BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4441 >> [2] BZ:https://bugzilla.tianocore.org/show_bug.cgi?id=4151 >> [3]https://edk2.groups.io/g/devel/message/100806 >> >> Pierre Gondois (6): >> SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to >> MdePkg >> MdePkg/DxeRngLib: Request raw algorithm instead of default >> MdePkg/Rng: Add GUIDs to describe Rng algorithms >> MdePkg/Rng: Add GetRngGuid() to RngLib >> SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib >> SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm >> >> MdePkg/Include/Library/RngLib.h | 17 ++++++ >> MdePkg/Include/Protocol/Rng.h | 20 +++++++ >> MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++++++ >> MdePkg/Library/BaseRngLib/BaseRngLib.inf | 10 ++++ >> MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++++ >> .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++++ >> .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 ++ >> .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++++ >> MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 ++++++++++++- >> MdePkg/MdePkg.dec | 7 +++ >> .../RngDxe/AArch64/AArch64Algo.c | 54 +++++++++++++------ >> .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 ++++---- >> .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- >> SecurityPkg/SecurityPkg.dec | 2 - >> 14 files changed, 258 insertions(+), 37 deletions(-) >>