From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+118682+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id F0CB6740039
	for <rebecca@openfw.io>; Wed,  8 May 2024 15:29:41 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=fEIfWtcHDiYF0AwcT72WFPzHurEeQDuk8x0jCH0kAuI=;
 c=relaxed/simple; d=groups.io;
 h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Transfer-Encoding;
 s=20240206; t=1715182180; v=1;
 b=qr+E5hyc4ZJQlm/FyGAhqYojYyG+UvFKljfhIVT7Ib/71sdhvskq0KaRo55cSGGWHT3EaWB/
 8d1JPUGii4gkl5dHFKbkMA1z6qq+qqK5XaG+6smJESyb6O72XzLc+1NekLCj5Kphvy6yQl3kGpB
 a5JB3Ts9/Dad705LyXnI0PpulpltpbmKuYdlN85mAF5bkcxFTrgJdNOn38Y7d/Cs2HH9sNtcp0Q
 /kJx3QypriO3mNgemkGTwGsoaSUy4DFEyTwxlLHNzcR6mFVd9YSZyVuu1RtN9GvhVIhRBG90LX6
 4Jqr8Npi9ZnA8W+PQNBApCeHVmCTzHW9IBkZGyXb1rTWA==
X-Received: by 127.0.0.2 with SMTP id kndFYY7687511xZgQLjl5wT1; Wed, 08 May 2024 08:29:40 -0700
X-Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web11.15712.1715182177153092632
 for <devel@edk2.groups.io>;
 Wed, 08 May 2024 08:29:37 -0700
X-Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1edfc57ac0cso28610265ad.3
        for <devel@edk2.groups.io>; Wed, 08 May 2024 08:29:37 -0700 (PDT)
X-Gm-Message-State: ZCrccYT2ec6LLsheWLgcAoekx7686176AA=
X-Google-Smtp-Source: AGHT+IGArPYj8Vmz3F8lJeEIk0aZXa55VxTfuFB1Ts232IkUvxaVmEKGToUB3M2Ok7QJXpqoKpG/Ig==
X-Received: by 2002:a17:902:ea02:b0:1e4:362b:17d5 with SMTP id d9443c01a7336-1eeb03a6b3emr37090275ad.4.1715182176478;
        Wed, 08 May 2024 08:29:36 -0700 (PDT)
X-Received: from localhost.localdomain (c-67-160-15-86.hsd1.wa.comcast.net. [67.160.15.86])
        by smtp.gmail.com with ESMTPSA id kt7-20020a170903088700b001e862f0b319sm12032291plb.264.2024.05.08.08.29.35
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 08 May 2024 08:29:36 -0700 (PDT)
From: "Doug Flick via groups.io" <dougflick=microsoft.com@groups.io>
To: devel@edk2.groups.io
Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>,
	Jiewen Yao <jiewen.yao@intel.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [edk2-devel] [PATCH v1 09/14] OvmfPkg: Disable NIST Algorithms NetworkPkg
Date: Wed,  8 May 2024 08:29:20 -0700
Message-Id: <20240508152925.741226-10-doug.edk2@gmail.com>
In-Reply-To: <20240508152925.741226-1-doug.edk2@gmail.com>
References: <20240508152925.741226-1-doug.edk2@gmail.com>
MIME-Version: 1.0
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Wed, 08 May 2024 08:29:37 -0700
Resent-From: dougflick@microsoft.com
Reply-To: devel@edk2.groups.io,dougflick@microsoft.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=qr+E5hyc;
	dmarc=pass (policy=none) header.from=groups.io;
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

This commit disables enforcement of NIST defined
RNG algorithms. Such that NetworkPkg will accept
"Default" and depend on the platform.

Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>

Signed-off-by: Doug Flick [MSFT] <doug.edk2@gmail.com>
---
 OvmfPkg/OvmfPkgIa32.dsc    | 7 +++++++
 OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++++++
 OvmfPkg/OvmfPkgX64.dsc     | 7 +++++++
 OvmfPkg/OvmfXen.dsc        | 7 +++++++
 4 files changed, 30 insertions(+)

diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
index 7d7729e07729..080d1a93a0ee 100644
--- a/OvmfPkg/OvmfPkgIa32.dsc
+++ b/OvmfPkg/OvmfPkgIa32.dsc
@@ -571,6 +571,13 @@ [PcdsFixedAtBuild]
   #=0D
 !include NetworkPkg/NetworkPcds.dsc.inc=0D
 =0D
+  #=0D
+  # Platforms may not support the EDK2 Standard NIST Algorithms=0D
+  # This Pcd allows for platform to override the attempt to use the NIST A=
lgorithms=0D
+  # and falls back to default such that the platform can own the Rng Algor=
ithm=0D
+  #=0D
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D
+=0D
   gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000=0D
 =0D
 !if $(SMM_REQUIRE) =3D=3D TRUE=0D
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
index 1e924ccc5eb4..d62f9ea3fa69 100644
--- a/OvmfPkg/OvmfPkgIa32X64.dsc
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc
@@ -571,6 +571,8 @@ [PcdsFixedAtBuild]
   #=0D
   gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE=0D
 =0D
+=0D
+=0D
 [PcdsFixedAtBuild.IA32]=0D
   #=0D
   # The NumberOfPages values below are ad-hoc. They are updated sporadical=
ly at=0D
@@ -590,6 +592,13 @@ [PcdsFixedAtBuild.X64]
   #=0D
 !include NetworkPkg/NetworkPcds.dsc.inc=0D
 =0D
+  #=0D
+  # Platforms may not support the EDK2 Standard NIST Algorithms=0D
+  # This Pcd allows for platform to override the attempt to use the NIST A=
lgorithms=0D
+  # and falls back to default such that the platform can own the Rng Algor=
ithm=0D
+  #=0D
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D
+=0D
   gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000=0D
 =0D
 !if $(SMM_REQUIRE) =3D=3D TRUE=0D
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index 3637b967b139..761c86f73a6b 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -601,6 +601,13 @@ [PcdsFixedAtBuild]
   #=0D
 !include NetworkPkg/NetworkPcds.dsc.inc=0D
 =0D
+  #=0D
+  # Platforms may not support the EDK2 Standard NIST Algorithms=0D
+  # This Pcd allows for platform to override the attempt to use the NIST A=
lgorithms=0D
+  # and falls back to default such that the platform can own the Rng Algor=
ithm=0D
+  #=0D
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D
+=0D
   gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000=0D
 =0D
 !if $(SMM_REQUIRE) =3D=3D TRUE=0D
diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc
index 7fc340d1c1df..0b2dac0cdaef 100644
--- a/OvmfPkg/OvmfXen.dsc
+++ b/OvmfPkg/OvmfXen.dsc
@@ -443,6 +443,13 @@ [PcdsFixedAtBuild]
   #=0D
 !include NetworkPkg/NetworkPcds.dsc.inc=0D
 =0D
+  #=0D
+  # Platforms may not support the EDK2 Standard NIST Algorithms=0D
+  # This Pcd allows for platform to override the attempt to use the NIST A=
lgorithms=0D
+  # and falls back to default such that the platform can own the Rng Algor=
ithm=0D
+  #=0D
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D
+=0D
 !ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE)=0D
   ## Set Xen's debug IO port for PlatformDebugLibIoPort=0D
   gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort|0xe9=0D
--=20
2.34.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118682): https://edk2.groups.io/g/devel/message/118682
Mute This Topic: https://groups.io/mt/105983248/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-