From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+119785+7686176+12367111@groups.io>
Received: from mail05.groups.io (mail05.groups.io [45.79.224.7])
	by spool.mail.gandi.net (Postfix) with ESMTPS id 920C1AC1296
	for <rebecca@openfw.io>; Wed,  3 Jul 2024 12:39:54 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=TmqAtQ9HWUURAMM6tU0rHxE5Yo7OXLMCZDVIJ1xStNk=;
 c=relaxed/simple; d=groups.io;
 h=From:Date:Subject:MIME-Version:Message-Id:To:Cc:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type:Content-Transfer-Encoding;
 s=20240206; t=1720010394; v=1;
 b=EQJkb3UUKBOK06fyUM6j6o1MEH84rB0Gjb7nOkJnXCg8Zl6/k35keLnhfZDvCRvMfUrJquG5
 CuzADb93wcEPrrPzURl4twiZBAwJPe1wKfX2wfj0I5Tm1R5Uh+Cjul738yY6A1IbhodVtMnBCyH
 3PNlnp6tX7EWUfCK06m2Kgdp8hR6FyWg1AKOVQJtRoTZEAAeVE6GlYndwjHpX4dNPvQMO2NYmW1
 2oyQgRMg6Uq5TQ9KBvVLnXbIZSQBPTUBs4vUSwrs8sM+iyw6lzq/p5KDkPC1ODuMeadn6fnIxyf
 Tdqc4ravp4NeFviVcrTtoO+RqLbQApwIa/ZUNU2bkf9Yg==
X-Received: by 127.0.0.2 with SMTP id me8WYY7687511x4IxohzDw8I; Wed, 03 Jul 2024 05:39:52 -0700
X-Received: from muminek.juszkiewicz.com.pl (muminek.juszkiewicz.com.pl [213.251.184.221])
 by mx.groups.io with SMTP id smtpd.web10.49197.1720010386814632367
 for <devel@edk2.groups.io>;
 Wed, 03 Jul 2024 05:39:47 -0700
X-Received: from localhost (localhost [127.0.0.1])
	by muminek.juszkiewicz.com.pl (Postfix) with ESMTP id 3D113260841;
	Wed,  3 Jul 2024 14:39:44 +0200 (CEST)
X-Virus-Scanned: Debian amavis at juszkiewicz.com.pl
X-Received: from muminek.juszkiewicz.com.pl ([127.0.0.1])
 by localhost (muminek.juszkiewicz.com.pl [127.0.0.1]) (amavis, port 10024)
 with ESMTP id p6WjQCZvYjEf; Wed,  3 Jul 2024 14:39:42 +0200 (CEST)
X-Received: from applejack.lan (83.8.74.165.ipv4.supernova.orange.pl [83.8.74.165])
	by muminek.juszkiewicz.com.pl (Postfix) with ESMTPSA id 910F526018B;
	Wed,  3 Jul 2024 14:39:41 +0200 (CEST)
From: "Marcin Juszkiewicz" <marcin.juszkiewicz@linaro.org>
Date: Wed, 03 Jul 2024 14:39:31 +0200
Subject: [edk2-devel] [PATCH edk2-platforms v2] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL
MIME-Version: 1.0
Message-Id: <20240703-efi-rng-protocol-v2-1-73a486537538@linaro.org>
X-B4-Tracking: v=1; b=H4sIAIJGhWYC/32NQQqDMBBFryKz7pQYtSFdeY/iItWpDkhGJiIt4
 t2beoAu3+f/93dIpEwJ7sUOShsnlpjBXgropxBHQh4ygzW2Ns5USC9GjSMuKqv0MuOTvC+b6ua
 MD5Bni+bK+1Q+uswTp1X0cz5s9pf+kW0WS3RVGHxNpXd9084cg8pVdITuOI4vEfI9HbEAAAA=
To: devel@edk2.groups.io
Cc: Leif Lindholm <quic_llindhol@quicinc.com>, 
 Ard Biesheuvel <ardb+tianocore@kernel.org>, 
 Graeme Gregory <graeme@xora.org.uk>, 
 Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Resent-Date: Wed, 03 Jul 2024 05:39:47 -0700
Resent-From: marcin.juszkiewicz@linaro.org
Reply-To: devel@edk2.groups.io,marcin.juszkiewicz@linaro.org
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: VfGKWEdP3mj4aqS7sLHRqUAPx7686176AA=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20240206 header.b=EQJkb3UU;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linaro.org (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io

By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. This
allows us to add RngDxe to have EFI_RNG_PROTOCOL available on
Neoverse-N2 and 'max' cpu cores.

Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that for
ArmVirt platform.

RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU.
Other cpu models lack it which prevents the RngDxe driver from running,
resulting in the same situation as before.

TRNG is not implemented in TCG mode but is required by RngDxe to run.

On older cpu cores nothing changes.

Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
---
By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. This
allows us to add RngDxe to have EFI_RNG_PROTOCOL available on
Neoverse-N2 and 'max' cpu cores.

When I boot with Neoverse-N2 or 'max' cpu then EFI_RNG_PROTOCOL gets
reported by 'EFI stub' on Linux boot and KASLR gets enabled.

Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that for
ArmVirt platform.

RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU.
Other cpu models lack it which prevents the RngDxe driver from running,
resulting in the same situation as before.

TRNG is not implemented in TCG mode but is required by RngDxe to run.

On older cpu cores nothing changes.
---
 Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 7 +++++++
 Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 1 +
 2 files changed, 8 insertions(+)

diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/S=
bsaQemu.dsc
index 9306986bf7c0..72b6a6d9a8b8 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
@@ -660,6 +660,13 @@ [Components.common]
   OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
   MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
   Silicon/Qemu/SbsaQemu/Drivers/SbsaQemuHighMemDxe/SbsaQemuHighMemDxe.inf
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+    <LibraryClasses>
+      RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+      ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
+      ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
+  }
+
=20
   #
   # FAT filesystem + GPT/MBR partitioning
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/S=
bsaQemu.fdf
index b35f42e11aa4..51a1ef8519f9 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
@@ -192,6 +192,7 @@ [FV.FvMain]
   INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
   INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
   INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
+  INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
=20
   #
   # FAT filesystem + GPT/MBR partitioning + UDF filesystem

---
base-commit: c7ed8deaa8c1d7ee83af994b2c90d4490ef27bdc
change-id: 20240703-efi-rng-protocol-be991536709a

Best regards,
--=20
Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119785): https://edk2.groups.io/g/devel/message/119785
Mute This Topic: https://groups.io/mt/107018350/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-