From: "levi.yun" <yeoreum.yun@arm.com>
To: devel@edk2.groups.io
Cc: yeoreum.yun@arm.com, sami.mujawar@arm.com,
pierre.gondois@arm.com, nd@arm.com, thomas.abraham@arm.com
Subject: [edk2-devel] [PATCH edk2-platform v1 2/2] ARM/JunoPkg: Use ArmTrngLib in NetworkPkg
Date: Mon, 22 Jul 2024 16:13:12 +0100
Message-ID: <20240722151312.937594-1-yeoreum.yun@arm.com>

edk2's commit 4c4ceb2ceb80 ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
solved CVE-2023-45237, about the usage of a weak pseudorandom number generator,
and this modification adds a dependency for DxeNetLib on the RngDxe driver.
Because of the new dependency, Juno failed to load Network-related packages
(i.e. VlanConfigDxe, MnpDxe, ArpDxe, Dhcp4Dxe, Ip4Dxe, etc.) like
...
Driver E4F61863-FE2C-4B56-A8F4-08519BC439DF was discovered but not loaded!!
Driver 025BBFC7-E6A9-4B8B-82AD-6815A1AEAF4A was discovered but not loaded!!
Driver 529D3F93-E8E9-4E73-B1E1-BDF6A9D50113 was discovered but not loaded!!
...
Unfortunately, for proper usage of RngDxe, the platform should support
- RngLib with Rndr.
- Trng.
In the case of Juno, it supports the Trng feature. To use NetworkPkg properly,
add usage of ArmTrngLib.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I1f0c72bdbb46d0226e7e6ddd921d513c8d5943c2
---
Platform/ARM/JunoPkg/ArmJuno.dsc | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJuno.dsc
index 93ec9f12997203c0c8515af31f342910702a6a99..609470a5aab6329e765a6659d4cb3d4c0105cb9a 100644
--- a/Platform/ARM/JunoPkg/ArmJuno.dsc
+++ b/Platform/ARM/JunoPkg/ArmJuno.dsc
@@ -39,6 +39,11 @@ [LibraryClasses.common]
ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
ArmPlatformLib|Platform/ARM/JunoPkg/Library/ArmJunoLib/ArmJunoLib.inf
ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf
+ ArmHvcLib|ArmPkg/Library/ArmHvcLib/ArmHvcLib.inf
+
+ # Trng Supports.
+ ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
+ ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
NorFlashDeviceLib|Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlashDeviceLib.inf
NorFlashPlatformLib|Platform/ARM/JunoPkg/Library/NorFlashJunoLib/NorFlashJunoLib.inf
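
Review bot: The ArmHvcLib mapping is added directly under ArmSmcLib, above the "# Trng Supports." comment, and neither it nor ArmMonitorLib is mentioned in the commit message, which only talks about ArmTrngLib. If ArmHvcLib is needed only so that ArmMonitorLib resolves its library classes, move it below the comment and say so in both the comment and the commit message, so a later cleanup does not drop it as unused. The comment would also read better as "# TRNG support".
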
@@ -211,6 +216,11 @@ [PcdsFixedAtBuild.common]
gEdkiiDynamicTablesPkgTokenSpaceGuid.PcdDevelopmentPlatformRelaxations|0x1
!endif
+ #
+ # Juno Support Trng. Override PcdEnforceSecureRngAlgorithms.
+ #
+ gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE
+
[PcdsPatchableInModule]
# Console Resolution (Full HD)
gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|1920
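
Review bot: The comment above gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms says "Override", but nothing in this hunk shows which value is being overridden or why TRUE is correct for Juno. State the default and the intent in the comment (for example, that the platform must use only secure RNG algorithms because it has TRNG support), and note any firmware requirement for the TRNG interface, since with enforcement on the network drivers still depend on RngDxe getting entropy. If TRUE is already the default, the line is redundant and can be dropped. Also fix the wording to "Juno supports TRNG".
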
--
Guid("CE165669-3EF3-493F-B85D-6190EE5B9759")