From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (EUR01-VE1-obe.outbound.protection.outlook.com [40.107.14.89])
 by mx.groups.io with SMTP id smtpd.web11.83467.1682438717349846200
 for <devel@edk2.groups.io>;
 Tue, 25 Apr 2023 09:05:17 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@armh.onmicrosoft.com header.s=selector2-armh-onmicrosoft-com header.b=PzLCt3qn;
 spf=pass (domain: arm.com, ip: 40.107.14.89, mailfrom: sami.mujawar@arm.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=B6BW4DLITQBE+qf/EJbQmQZamV0fpzUlCNUKDINAM3Q=;
 b=PzLCt3qnAAISfdW3AB3boL+bZ6NScDEvf5sA6mM1qdebSeri39fdK6jTENBMZrUOsy4BQ4rBlbJm5/c6CngvnKoNzee6Fg4S0wMLLHCdDJ5cgAxk70t4th6aELszTvCccE3wu/xuzfVjLmOPLf+HQkpT2WY2ZRRIyGNBhuZJcMY=
Received: from AS8PR04CA0159.eurprd04.prod.outlook.com (2603:10a6:20b:331::14)
 by AS8PR08MB10099.eurprd08.prod.outlook.com (2603:10a6:20b:628::5) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.33; Tue, 25 Apr
 2023 16:05:14 +0000
Received: from AM7EUR03FT057.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:20b:331:cafe::8f) by AS8PR04CA0159.outlook.office365.com
 (2603:10a6:20b:331::14) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend
 Transport; Tue, 25 Apr 2023 16:05:14 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 AM7EUR03FT057.mail.protection.outlook.com (100.127.140.117) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.6340.21 via Frontend Transport; Tue, 25 Apr 2023 16:05:13 +0000
Received: ("Tessian outbound 945aec65ec65:v136"); Tue, 25 Apr 2023 16:05:13 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: 2c961156b0ee9ee4
X-CR-MTA-TID: 64aa7808
Received: from 0fd47ba6f48c.1
	by 64aa7808-outbound-1.mta.getcheckrecipient.com id C5AA35FA-ED8C-49EC-9709-59BB20063A52.1;
	Tue, 25 Apr 2023 16:05:06 +0000
Received: from EUR02-AM0-obe.outbound.protection.outlook.com
    by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 0fd47ba6f48c.1
    (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
    Tue, 25 Apr 2023 16:05:06 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Qgvt6jCOqoEAKUkuPOS3tS3s+24OxRJx2F9mVTA4LNbVYHcJvJ6sgKR9wJt++/FY8aCONY0ZY2G9sqqizNxdorT8ILpEE+75MPOkh9F+jDFFz2XNWBf5l+D+4U09iNZ8D6fkBrDQ3P779lHa3KZuSAvTxM67LsUbPU25XpnTyUtWKYqKuege5wQeS/oNcvjRgSxNxjT2fIgLjxSGGpgpWBVxBHWBZEBCdcwOcyYd7+uY1MFmSTvDG+JEqpsRQzA1fXsJsdQv8nVhtoJ7ihzDdsgCSWXHRDhc8tvV2LRa4wgpvkdTuN8prZwULtkmTDifL2wiLfeq1j9ZlDaF02uQ/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=B6BW4DLITQBE+qf/EJbQmQZamV0fpzUlCNUKDINAM3Q=;
 b=lLdfVn2rNlsmsFhWqI5NIwSBwUjr3dRqBqt827Y091b+lcMdT2sXC/b/7039Ygv/vW7c93AD9hgaWnsi+vCtDZyTvdEsjsZrVkEP4HkCvtQu5OChrZhUy0v+2VEXYuQK8ZY4WbQvV9k8g0QqvbzgX0PsREkC/iT/rGlgFuyAyzIdT8GFo4NfyiYDPiliuFv65ilfIwASVphI7BLelD46XqWizr/e/o6/GSYivo7dA2Ap5RavpWTnwXefxh3DjzJ/xkIyAJM4DuMlsH5IgTTtTbR0SOrAiUzkXljAbpFLWyIhGFIlR3g91L5yUvucAgrGvEpfS4Tt6v3YEQZ5gwrbAA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
 40.67.248.234) smtp.rcpttodomain=edk2.groups.io smtp.mailfrom=arm.com;
 dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com;
 dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com;
 s=selector2-armh-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=B6BW4DLITQBE+qf/EJbQmQZamV0fpzUlCNUKDINAM3Q=;
 b=PzLCt3qnAAISfdW3AB3boL+bZ6NScDEvf5sA6mM1qdebSeri39fdK6jTENBMZrUOsy4BQ4rBlbJm5/c6CngvnKoNzee6Fg4S0wMLLHCdDJ5cgAxk70t4th6aELszTvCccE3wu/xuzfVjLmOPLf+HQkpT2WY2ZRRIyGNBhuZJcMY=
Received: from DUZPR01CA0011.eurprd01.prod.exchangelabs.com
 (2603:10a6:10:3c3::19) by GV2PR08MB8582.eurprd08.prod.outlook.com
 (2603:10a6:150:b5::16) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34; Tue, 25 Apr
 2023 16:05:03 +0000
Received: from DBAEUR03FT004.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:10:3c3:cafe::38) by DUZPR01CA0011.outlook.office365.com
 (2603:10a6:10:3c3::19) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6319.34 via Frontend
 Transport; Tue, 25 Apr 2023 16:05:03 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234)
 smtp.mailfrom=arm.com; dkim=none (message not signed)
 header.d=none;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 40.67.248.234 as permitted sender) receiver=protection.outlook.com;
 client-ip=40.67.248.234; helo=nebula.arm.com; pr=C
Received: from nebula.arm.com (40.67.248.234) by
 DBAEUR03FT004.mail.protection.outlook.com (100.127.142.103) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.20.6340.20 via Frontend Transport; Tue, 25 Apr 2023 16:05:03 +0000
Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX04.Arm.com
 (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Tue, 25 Apr
 2023 16:05:00 +0000
Received: from E114225.Arm.com (10.1.196.36) by mail.arm.com (10.251.24.32)
 with Microsoft SMTP Server id 15.1.2507.23 via Frontend Transport; Tue, 25
 Apr 2023 16:05:00 +0000
From: "Sami Mujawar" <sami.mujawar@arm.com>
To: <devel@edk2.groups.io>
CC: Sami Mujawar <sami.mujawar@arm.com>, <ardb+tianocore@kernel.org>,
	<quic_llindhol@quicinc.com>, <kraxel@redhat.com>, <Pierre.Gondois@arm.com>,
	<Suzuki.Poulose@arm.com>, <jean-philippe@linaro.org>,
	<Matteo.Carlini@arm.com>, <Akanksha.Jain2@arm.com>, <Ben.Adderson@arm.com>,
	<nd@arm.com>
Subject: [RFC PATCH v1 30/30] ArmVirtPkg: Kvmtool: Switch to use BaseRng for AArch64
Date: Tue, 25 Apr 2023 17:04:28 +0100
Message-ID: <20230425160428.27980-31-sami.mujawar@arm.com>
X-Mailer: git-send-email 2.16.2.windows.1
In-Reply-To: <20230425160428.27980-1-sami.mujawar@arm.com>
References: <20230425160428.27980-1-sami.mujawar@arm.com>
MIME-Version: 1.0
X-EOPAttributedMessage: 1
X-MS-TrafficTypeDiagnostic: 
	DBAEUR03FT004:EE_|GV2PR08MB8582:EE_|AM7EUR03FT057:EE_|AS8PR08MB10099:EE_
X-MS-Office365-Filtering-Correlation-Id: c9ca6ea9-e94e-4418-7133-08db45a6dac2
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 
 DEjrrNby/NYijJopYBHwgM6/lGSrqt8mTy/DMMhxZ5L+gK4To5isdWu+R8UwoOlPUs/7ydpQps5ahBHEb8ja2D8NTFQLkjErxD5yos2U0UdRbJLHQGaYdMztfnKnmOeGWZKiP8V5Ps235189G+jWiUnzj2S2Ry38PyTfQK+lqeR+Tgo7xDNvgyhHV9pTqsvCDsFfS3QsAtscO/TwsdG29VAgB+uN6pBaFSPClBq7hA4GuLWisM9BLxN2ggor630DY4PQ+jfJd5p6N047RTpZwcqiEbm/VijDXIox8fpkjJFa8S9JEHGspWwngja9I3DyZOiaGn9CtVUGLgmYuF/6Sdap+ToHRxJNCeYzi2VSTtYPVGoJS3Aj28A6kjzuFzO6i6x5y8WcK2Uic5BvwbbhyX9BGFvACtWdIOlW0myDvQqgP6um3F7K212Ve+7F7J8w/gMDcuZXqz7kinXOLcWOZxZwKRq80mkyfX83n6NBYQzP3KwnZrbmXgqgz602rALIYAUnuOKTp0JvDhlL6qcgvCkHdQ+RwoZ+ZIU9jTm/loq2kAgg3BdMgTP95ZIhtCfVf/Ilq9Gvxia7u7EaFpJxBeAWoF1emBr0JvKhaQ2olTGacOWAhW39d3cnjWvV9JRz28Gdt+K3JTGq8RJvsSwChVrHAfOPeVz0E8J4XlXqst/UzibZ5gVbe3pALWhLkByipFuK5gqjKdkMVbpYg6oaKCmCUSmAjicIKkumvRY9YZs=
X-Forefront-Antispam-Report-Untrusted: 
 CIP:40.67.248.234;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(396003)(376002)(346002)(136003)(451199021)(36840700001)(46966006)(34070700002)(54906003)(478600001)(5660300002)(8936002)(8676002)(36756003)(2906002)(86362001)(82310400005)(44832011)(40480700001)(6916009)(4326008)(82740400003)(316002)(70206006)(70586007)(356005)(41300700001)(81166007)(426003)(336012)(186003)(2616005)(1076003)(26005)(36860700001)(83380400001)(7696005)(47076005)(6666004)(36900700001);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR08MB8582
Return-Path: Sami.Mujawar@arm.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 AM7EUR03FT057.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
	be2ccbc8-2170-4862-0de5-08db45a6d439
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
	a8YJHbAsK6VY0iH8Oy3xWisdN4bi6+nDs0z6Ud2niuZ8jgZPYVusN0skmGNfau3egtC/pgou+/BFqPmES7yU6597FWdrE0I8pPZ8t4JoL/j50TRAfs0yX/Z+tjStaWtTfohx/yVNStyDEpVl8VDbdNkZTakh1wKKGjWGXtmLdJ5ChXdtPEbtglrizCDe3A/KT9uDs8bAeadV9Cu+2SPWiCChbAb1DMMfSLk7BRyNHNYmuzrMpV11fdbmhI6XtcFmz8djE0Q47ZmWIroKtGaPGWiR6TcKfo6j8A8hBPLaaZK3zfpXskEyPNhtJ1gxWhOzJbx6IPK+nJwFkEFYSJO8ipFTif0popsRffzkzIaqLNkELjWmGxq9l2SVR9UAJ/uTQ4m3iM5ywee25F0InLcPPZrWS+ZFI7kHQ2Uh4Ea8COno3h2MwgeGgx9hJkw/LH1L4b2OAIp23N3FXUwMjrSUETj9EJ6E7jykmc53a0AsYuvzBwXwuDftJwiTKm9EWonylMmAgumaSlTIY2M+cy+sWWCTTWOzZDdPFUhoIzlBlc6+hU54bBWshbryYlMaa+LNEgH1DiDWnqlW+MwnhXtZrJYWqw7z1Bhwf5BjmTQKZg+k9C3tdOrRyhSR/S7qOqITrOU40J3BGnK6A/Qw9ypB9czY/9QHwvcf0IDKKmmHUWpZHV+U959Y1nQcmZZoZuXzVCva+TuGG9UPkB25q6S0D+b+vx6ltaU8EUa576bDK+4=
X-Forefront-Antispam-Report: 
	CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(396003)(346002)(136003)(39860400002)(376002)(451199021)(46966006)(36840700001)(40470700004)(7696005)(2906002)(2616005)(6666004)(186003)(40480700001)(1076003)(70206006)(70586007)(8936002)(8676002)(41300700001)(6916009)(4326008)(316002)(26005)(478600001)(44832011)(5660300002)(54906003)(82740400003)(81166007)(82310400005)(36756003)(86362001)(40460700003)(36860700001)(47076005)(336012)(426003)(83380400001)(34070700002);DIR:OUT;SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Apr 2023 16:05:13.9652
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: c9ca6ea9-e94e-4418-7133-08db45a6dac2
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	AM7EUR03FT057.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB10099
Content-Type: text/plain

The kvmtool guest firmware is using the default RNG library
defined in ArmVirtPkg.dsc.inc which is BaseRngLibTimerLib.

BaseRngLibTimerLib is only present to use for test purposes on
platforms that do not have a suitable RNG source and must not be
used for production purposes.

Armv8.5 introduces random number instructions (e.g., RNDR) which
return a 64-bit random number. Although, this feature is optional,
it can be assumed that most modern platforms will implement this
support. This feature i.e. FEAT_RNG can be discovered by examining
the processor feature registers.

It is therefore desirable to use the RNDR instructions instead of
using the default BaseRngLibTimerLib which is unsafe.

The BaseRngLib in MdePkg already implements the RNG support using
RNDR. However, it is worth noting that FEAT_RNG is supported in
AArch64 state only. Therefore, switch to using the BaseRngLib
instance for AArch64 firmware builds. The AArch32 firmware builds
will continue to use BaseRngLibTimerLib.

Note: The guest firmware already supports Virtio RNG. So, should
the processor not implement FEAT_RNG, the guest firmware can fall
back to use Virtio RNG.

Signed-off-by: Sami Mujawar <sami.mujawar@arm.com>
---
 ArmVirtPkg/ArmVirtKvmTool.dsc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ArmVirtPkg/ArmVirtKvmTool.dsc b/ArmVirtPkg/ArmVirtKvmTool.dsc
index d9dd7a67307ffed5da16837301f18e7715187450..829a378a8dcfdbb5045db3610104a0f5c43431dc 100644
--- a/ArmVirtPkg/ArmVirtKvmTool.dsc
+++ b/ArmVirtPkg/ArmVirtKvmTool.dsc
@@ -89,6 +89,7 @@ [LibraryClasses.common]
 [LibraryClasses.AARCH64]
   ArmCcaLib|ArmVirtPkg/Library/ArmCcaLib/ArmCcaLib.inf
   ArmCcaRsiLib|ArmVirtPkg/Library/ArmCcaRsiLib/ArmCcaRsiLib.inf
+  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
 
 [LibraryClasses.common.SEC, LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM]
   PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf
@@ -170,6 +171,10 @@ [PcdsFixedAtBuild.common]
   gEfiMdeModulePkgTokenSpaceGuid.PcdMaxAuthVariableSize|0x2800
 !endif
 
+  # Define a UUID that represents the CPU based RNG algorithm implemented by RNDR
+  # {BABE3B70-6474-4C0C-AFD8-3B8A32482C40}
+  gEfiSecurityPkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm|{ 0xba, 0xbe, 0x3b, 0x70, 0x64, 0x74, 0x4c, 0x0c, 0xaf, 0xd8, 0x3b, 0x8a, 0x32, 0x48, 0x2c, 0x40}
+
 [PcdsPatchableInModule.common]
   #
   # This will be overridden in the code
-- 
'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)'