From mboxrd@z Thu Jan 1 00:00:00 1970
From: "PierreGondois"
To: devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Sami Mujawar, Kun Qin
Subject: [edk2-devel] [PATCH v6 0/9] SecurityPkg/MdePkg: Update RngLib GUID identification
Date: Fri, 11 Aug 2023 16:33:01 +0200
Message-Id: <20230811143310.55101-1-pierre.gondois@arm.com>
From: Pierre Gondois

v6:
- Added Tested/Reviewed-by
- [8/9] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
  - Remove unused gEfiRngAlgorithmArmRndr definition in

v5:
- Leave an implementation of BaseRngLibTimer in MdePkg to give some time to platform owners to use the MdeModulePkg implementation. [4]
- New patch:
  - [2/8] MdePkg: Add deprecated warning to BaseRngLibTimer

v4:
- New patches:
  - [1/8] MdePkg: Move BaseRngLibTimerLib to MdeModulePkg
  - [5/8] MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
- This patch-set now requires to be accepted along with an edk2-platforms patch moving the BaseRngLibTimerLib to MdeModulePkg

v3:
- As the unsafe algorithm GUID will not be added to the UEFI specification, rename:
  - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe
  - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE

v2:
- [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation
  - Dropped
- [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
  - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm token number
  - Rename to SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
- [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib
  - Remove gEfiRngAlgorithmUnSafe from inf file
  - Split Guids definitions in arch specific sections
- [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
  - Remove RngFindDefaultAlgo() and change logic accordingly.
- [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm
  - Dropped due to changes in [6/8]

This patch also requires the following patch on top of the series:
- https://edk2.groups.io/g/devel/message/106546

This patchset follows the 'code first' approach and relates to [1].
This patchset follows the thread at [3] that aims to solve [2].
[1] and [2] are bound and this patchset aims to solve both.

In this patchset:
a- The RngDxe can rely on the RngLib. However the RngLib has no interface allowing it to describe which Rng algorithm is implemented. The RngDxe must advertise the algorithms that are available through the RngGetInfo() callback. Add a GetRngGuid() interface to the RngLib.
b- The Arm Architecture states for RNDR that the DRBG algorithm should be compliant with NIST SP800-90A, while not mandating a particular algorithm, so as to be inclusive of different geographies. The RngLib can rely on this Arm RNDR instruction. In order to accurately describe the implementation using the RNDR instruction, add an EFI_RNG_ALGORITHM_ARM_RNDR GUID [1].
c- For the same reason as a/b, add a GUID describing unsafe RNG algorithms, allowing the BaseRngLibTimerLib to be accurately described.
d- Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the Arm implementation of the RngDxe.
[1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
[2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
[3] https://edk2.groups.io/g/devel/message/100806
[4] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4504

Pierre Gondois (9):
  MdeModulePkg: Duplicate BaseRngLibTimerLib to MdeModulePkg
  MdePkg: Add deprecated warning to BaseRngLibTimer
  SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
  MdePkg/DxeRngLib: Request raw algorithm instead of default
  MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
  MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
  MdePkg/Rng: Add GetRngGuid() to RngLib
  SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
  SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm

 ArmVirtPkg/ArmVirt.dsc.inc                     |  2 +-
 EmulatorPkg/EmulatorPkg.dsc                    |  2 +-
 MdeModulePkg/Include/Guid/RngAlgorithm.h       | 23 ++++++++
 .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf  |  6 +-
 .../BaseRngLibTimerLib/BaseRngLibTimerLib.uni  | 15 +++++
 .../Library/BaseRngLibTimerLib/RngLibTimer.c   | 28 ++++++++++
 MdeModulePkg/MdeModulePkg.dec                  |  3 +
 MdeModulePkg/MdeModulePkg.dsc                  |  1 +
 MdePkg/Include/Library/RngLib.h                | 17 ++++++
 MdePkg/Include/Protocol/Rng.h                  | 10 ++++
 MdePkg/Library/BaseRngLib/AArch64/Rndr.c       | 42 ++++++++++++++
 MdePkg/Library/BaseRngLib/BaseRngLib.inf       | 10 ++++
 MdePkg/Library/BaseRngLib/Rand/RdRand.c        | 26 +++++++++
 .../Library/BaseRngLibNull/BaseRngLibNull.c    | 22 ++++++++
 .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf  |  1 +
 .../Library/BaseRngLibTimerLib/RngLibTimer.c   | 45 +++++++++++++++
 MdePkg/Library/DxeRngLib/DxeRngLib.c           | 36 +++++++++++-
 MdePkg/MdePkg.dec                              |  6 ++
 NetworkPkg/NetworkPkg.dsc                      |  4 +-
 OvmfPkg/AmdSev/AmdSevX64.dsc                   |  2 +-
 OvmfPkg/Bhyve/BhyveX64.dsc                     |  2 +-
 OvmfPkg/CloudHv/CloudHvX64.dsc                 |  2 +-
 OvmfPkg/IntelTdx/IntelTdxX64.dsc               |  2 +-
 OvmfPkg/Microvm/MicrovmX64.dsc                 |  2 +-
 OvmfPkg/OvmfPkgIa32.dsc                        |  2 +-
 OvmfPkg/OvmfPkgIa32X64.dsc                     |  2 +-
 OvmfPkg/OvmfPkgX64.dsc                         |  2 +-
 OvmfPkg/OvmfXen.dsc                            |  2 +-
 OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc            |  2 +-
 .../RngDxe/AArch64/AArch64Algo.c               | 55 +++++++++++++------
 .../RandomNumberGenerator/RngDxe/ArmRngDxe.c   | 23 +++----
 .../RandomNumberGenerator/RngDxe/RngDxe.inf    |  4 +-
 SecurityPkg/SecurityPkg.dec                    |  2 -
 SecurityPkg/SecurityPkg.dsc                    |  4 +-
 SignedCapsulePkg/SignedCapsulePkg.dsc          |  4 +-
 35 files changed, 355 insertions(+), 56 deletions(-)
 create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
 copy {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf (85%)
 create mode 100644 MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni
 copy {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/RngLibTimer.c (83%)

-- 
2.25.1

View/Reply Online (#107709): https://edk2.groups.io/g/devel/message/107709
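Added example, not code from the patch series or from edk2: a C model of the selection logic described in a/ and d/ above, where the RngDxe probes the linked RngLib through GetRngGuid() and only advertises its algorithm via RngGetInfo() when the GUID is identified and is not the unsafe one. It assumes simplified stand-ins for the EDK II GUID type, the status codes and the GetRngGuid()/RngGetInfo() signatures, and uses placeholder GUID values rather than the real ones.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal stand-ins for the EDK II GUID type and status codes (not the real headers). */
typedef struct { uint32_t Data1; uint16_t Data2, Data3; uint8_t Data4[8]; } GUID;
typedef int STATUS;
enum { STATUS_SUCCESS = 0, STATUS_UNSUPPORTED = 1, STATUS_BUFFER_TOO_SMALL = 2 };

/* Placeholder values, NOT the real edk2 GUIDs: only their identity matters here. */
const GUID gEdkiiRngAlgorithmUnSafe = { 0x1, 0, 0, { 'u', 'n', 's', 'a', 'f', 'e', 0, 0 } };
const GUID gEfiRngAlgorithmArmRndr  = { 0x2, 0, 0, { 'r', 'n', 'd', 'r', 0, 0, 0, 0 } };
static bool GuidEqual(const GUID *A, const GUID *B) { return memcmp(A, B, sizeof *A) == 0; }
/* RngLib side (modelled): GetRngGuid() reports the GUID of the linked implementation. */
static const GUID *gLinkedRngLibGuid = NULL;
STATUS GetRngGuid(GUID *RngGuid) {
  if (RngGuid == NULL || gLinkedRngLibGuid == NULL) return STATUS_UNSUPPORTED; /* no GetRngGuid() */
  *RngGuid = *gLinkedRngLibGuid;
  return STATUS_SUCCESS;
}
/* RngDxe side (modelled): the algorithm list that RngGetInfo() advertises. */
static GUID gAvailable[4];
static size_t gAvailableCount;
/* Probe the linked RngLib; advertise its algorithm only if identified and not the unsafe one. */
size_t ProbeRngLib(void) {
  GUID Guid;
  gAvailableCount = 0;
  if (GetRngGuid(&Guid) != STATUS_SUCCESS) return 0;         /* unidentified: do not advertise */
  if (GuidEqual(&Guid, &gEdkiiRngAlgorithmUnSafe)) return 0;  /* timer-based fallback: exclude */
  gAvailable[gAvailableCount++] = Guid;
  return gAvailableCount;
}
size_t ProbeWithLib(const GUID *Linked) { gLinkedRngLibGuid = Linked; return ProbeRngLib(); } /* test hook */
/* EFI_RNG_PROTOCOL GetInfo() size negotiation over the probed list: caller asks the size first. */
STATUS RngGetInfo(size_t *ListSize, GUID *List) {
  size_t Needed = gAvailableCount * sizeof(GUID);
  if (Needed == 0) return STATUS_UNSUPPORTED;                 /* nothing safe to offer */
  if (List == NULL || *ListSize < Needed) { *ListSize = Needed; return STATUS_BUFFER_TOO_SMALL; }
  memcpy(List, gAvailable, Needed);
  *ListSize = Needed;
  return STATUS_SUCCESS;
}
/* Caller pattern: size query first, then fetch; true if exactly Expected is advertised. */
bool AdvertisesOnly(const GUID *Expected) {
  GUID List[4]; size_t Size = 0;
  if (RngGetInfo(&Size, NULL) != STATUS_BUFFER_TOO_SMALL || RngGetInfo(&Size, List) != STATUS_SUCCESS) return false;
  return Size == sizeof(GUID) && GuidEqual(&List[0], Expected);
}
```

An RngLib that predates GetRngGuid() (the NULL case) and the timer-based library both end up with an empty list, so consumers cannot be handed an unidentified or unsafe source.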