From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web10.26283.1683618149700494232 for ; Tue, 09 May 2023 00:42:29 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 373DD1063; Tue, 9 May 2023 00:43:13 -0700 (PDT) Received: from e126645.arm.com (e126645.nice.arm.com [10.34.100.110]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPA id 36B803F5A1; Tue, 9 May 2023 00:42:27 -0700 (PDT) From: "PierreGondois" To: devel@edk2.groups.io Cc: Michael D Kinney , Liming Gao , Zhiguang Liu , Jiewen Yao , Jian J Wang , Ard Biesheuvel , Sami Mujawar , Jose Marinho , Samer El-Haj-Mahmoud Subject: [PATCH v1 0/8] SecurityPkg/MdePkg: RngLib GUID Date: Tue, 9 May 2023 09:40:34 +0200 Message-Id: <20230509074042.1523428-1-pierre.gondois@arm.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable From: Pierre Gondois This patchset follows the 'code first' approach and relies on [1]. This patchset follows the thread at [3] that aims to solve [2]. [1] and [2] are bound and this patchset aims to solve both. In this patchset: a- The RngDxe can rely on the RngLib. However the RngLib has no interface allowing to describe which Rng algorithm is implemented. The RngDxe must advertise the algorithm that are available through the RngGetInfo() callback. Add a GetRngGuid() for interface to the RngLib. b- The Arm Architecture states the RNDR that the DRBG algorithm should be compliant with NIST SP800-90A, while not mandating a particular algorithm, so as to be inclusive of different geographies. The RngLib can rely on this Arm RNDR instruction. In order to accurately describe the implementation using the RNDR instruction, add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1]. c- For the same reason as a/b, add a GUID describing unsafe RNG algorithms, allowing to accurately describe the BaseRngLibTimerLib. d- Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the Arm implementation of the RngDxe. [1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4441 [2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4151 [3] https://edk2.groups.io/g/devel/message/100806 Pierre Gondois (8): MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg MdePkg/DxeRngLib: Request raw algorithm instead of default MdePkg/Rng: Add GUIDs to describe Rng algorithms MdePkg/Rng: Add GetRngGuid() to RngLib SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib SecurityPkg/RngDxe: Select safe default Rng algorithm SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm MdePkg/Include/Library/RngLib.h | 17 +++++ MdePkg/Include/Protocol/Rng.h | 20 ++++++ .../BaseArmTrngLibNull/BaseArmTrngLibNull.c | 4 -- MdePkg/Library/BaseRngLib/AArch64/Rndr.c | 42 +++++++++++ MdePkg/Library/BaseRngLib/BaseRngLib.inf | 9 +++ MdePkg/Library/BaseRngLib/Rand/RdRand.c | 26 +++++++ .../Library/BaseRngLibNull/BaseRngLibNull.c | 22 ++++++ .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 3 + .../Library/BaseRngLibTimerLib/RngLibTimer.c | 28 ++++++++ MdePkg/Library/DxeRngLib/DxeRngLib.c | 36 +++++++++- MdePkg/MdePkg.dec | 7 ++ .../RngDxe/AArch64/AArch64Algo.c | 70 +++++++++++++++---- .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 23 +++--- .../RandomNumberGenerator/RngDxe/RngDxe.inf | 5 +- SecurityPkg/SecurityPkg.dec | 2 - 15 files changed, 278 insertions(+), 36 deletions(-) --=20 2.25.1