From: "Doug Flick via groups.io"
To: devel@edk2.groups.io
Cc: Ard Biesheuvel, Jiewen Yao, Gerd Hoffmann
Subject: [edk2-devel] [PATCH v1 09/14] OvmfPkg: Disable NIST Algorithms NetworkPkg
Date: Wed, 8 May 2024 08:29:20 -0700
Message-Id: <20240508152925.741226-10-doug.edk2@gmail.com>
In-Reply-To: <20240508152925.741226-1-doug.edk2@gmail.com>
References: <20240508152925.741226-1-doug.edk2@gmail.com>

This commit disables enforcement of NIST defined RNG algorithms. Such that NetworkPkg will accept "Default" and depend on the platform.

Cc: Ard Biesheuvel
Cc: Jiewen Yao
Cc: Gerd Hoffmann
Signed-off-by: Doug Flick [MSFT]
--- OvmfPkg/OvmfPkgIa32.dsc | 7 +++++++ OvmfPkg/OvmfPkgIa32X64.dsc | 9 +++++++++ OvmfPkg/OvmfPkgX64.dsc | 7 +++++++ OvmfPkg/OvmfXen.dsc | 7 +++++++ 4 files changed, 30 insertions(+) diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 7d7729e07729..080d1a93a0ee 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc 
@@ -571,6 +571,13 @@ [PcdsFixedAtBuild] #=0D !include NetworkPkg/NetworkPcds.dsc.inc=0D =0D + #=0D + # Platforms may not support the EDK2 Standard NIST Algorithms=0D + # This Pcd allows for platform to override the attempt to use the NIST A= lgorithms=0D + # and falls back to default such that the platform can own the Rng Algor= ithm=0D + #=0D + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D +=0D gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000=0D =0D !if $(SMM_REQUIRE) =3D=3D TRUE=0D diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 1e924ccc5eb4..d62f9ea3fa69 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -571,6 +571,8 @@ [PcdsFixedAtBuild] #=0D gUefiCpuPkgTokenSpaceGuid.PcdFirstTimeWakeUpAPsBySipi|FALSE=0D =0D +=0D +=0D [PcdsFixedAtBuild.IA32]=0D #=0D # The NumberOfPages values below are ad-hoc. They are updated sporadical= ly at=0D @@ -590,6 +592,13 @@ [PcdsFixedAtBuild.X64] #=0D !include NetworkPkg/NetworkPcds.dsc.inc=0D =0D + #=0D + # Platforms may not support the EDK2 Standard NIST Algorithms=0D + # This Pcd allows for platform to override the attempt to use the NIST A= lgorithms=0D + # and falls back to default such that the platform can own the Rng Algor= ithm=0D + #=0D + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D +=0D gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000=0D =0D !if $(SMM_REQUIRE) =3D=3D TRUE=0D diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 3637b967b139..761c86f73a6b 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc 
@@ -601,6 +601,13 @@ [PcdsFixedAtBuild] #=0D !include NetworkPkg/NetworkPcds.dsc.inc=0D =0D + #=0D + # Platforms may not support the EDK2 Standard NIST Algorithms=0D + # This Pcd allows for platform to override the attempt to use the NIST A= lgorithms=0D + # and falls back to default such that the platform can own the Rng Algor= ithm=0D + #=0D + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D +=0D gEfiShellPkgTokenSpaceGuid.PcdShellFileOperationSize|0x20000=0D =0D !if $(SMM_REQUIRE) =3D=3D TRUE=0D diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 7fc340d1c1df..0b2dac0cdaef 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -443,6 +443,13 @@ [PcdsFixedAtBuild] #=0D !include NetworkPkg/NetworkPcds.dsc.inc=0D =0D + #=0D + # Platforms may not support the EDK2 Standard NIST Algorithms=0D + # This Pcd allows for platform to override the attempt to use the NIST A= lgorithms=0D + # and falls back to default such that the platform can own the Rng Algor= ithm=0D + #=0D + gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE=0D +=0D !ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE)=0D ## Set Xen's debug IO port for PlatformDebugLibIoPort=0D gUefiOvmfPkgTokenSpaceGuid.PcdDebugIoPort|0xe9=0D --=20 2.34.1
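
Review bot: The comment added above gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE in OvmfPkg/OvmfPkgIa32.dsc (hunk @@ -571,6 +571,13 @@) is missing the reason OVMF needs this: it says only that "Platforms may not support" the NIST algorithms, not why OVMF is such a platform or which RNG the network stack ends up using once it "falls back to default". Because the setting relaxes a security check, the comment should name the RNG source OVMF is expected to provide and the condition under which the PCD can return to TRUE. The wording "allows for platform to override" would also read better as "allows the platform to override".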
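
Review bot: Stray whitespace in OvmfPkg/OvmfPkgIa32X64.dsc: hunk @@ -571,6 +571,8 @@ adds two empty lines before [PcdsFixedAtBuild.IA32] and nothing else. It is unrelated to the PCD change and is why the diffstat shows 9 insertions for this file against 7 for the other three; please drop the hunk.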
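
Review bot: Section scope differs in OvmfPkg/OvmfPkgIa32X64.dsc: the header of hunk @@ -590,6 +592,13 @@ shows the new PCD under [PcdsFixedAtBuild.X64], while the other three DSC files show it under [PcdsFixedAtBuild]. Please confirm that X64-only scope is what this build needs and say so in the commit message; if any IA32 module consumes PcdEnforceSecureRngAlgorithms, it would still see the default value.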
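
Review bot: The override in OvmfPkg/OvmfPkgX64.dsc (hunk @@ -601,6 +601,13 @@) is unconditional, so every build of the platform gives up enforcement, and the same holds for the OvmfXen.dsc hunk. The surrounding context already gates settings on build defines (!if $(SMM_REQUIRE) == TRUE, !ifdef $(DEBUG_ON_HYPERVISOR_CONSOLE)); consider gating this PCD the same way so that builds with a suitable RNG can keep enforcement on. The identical five-line comment is also repeated in all four files, so a single shared include for the override would keep the text and the value from drifting apart.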