[edk2-devel] [PATCH edk2-platform v1 2/2] ARM/JunoPkg: Use ArmTrngLib in NetworkPkg

[edk2-devel] [PATCH edk2-platform v1 2/2] ARM/JunoPkg: Use ArmTrngLib in NetworkPkg

[levi.yun]

From: "levi.yun" <yeoreum.yun@arm.com>

edk2's commit:4c4ceb2ceb80 ("NetworkPkg: SECURITY PATCH CVE-2023-45237")
solved CVE-2023-45237 about usage of a weak pseudoRandom number generator
and this modification add dependency for DxeNetLib with RngDxe driver.

Because of new dependency, Juno failed to load Newtork related packages
(i.e VlanConfigDxe, MnpDxe, ArpDxe, Dhcp4Dxe, Ip4Dxe and etc) like

...
Driver E4F61863-FE2C-4B56-A8F4-08519BC439DF was discovered but not loaded!!
Driver 025BBFC7-E6A9-4B8B-82AD-6815A1AEAF4A was discovered but not loaded!!
Driver 529D3F93-E8E9-4E73-B1E1-BDF6A9D50113 was discovered but not loaded!!
...

Unfortunately for proper usage of RngDxe, Platform should support
- RngLib with Rndr.
- Trng.

In case of Juno, it supports Trng feature. To use NetworkPkg properly,
add usage of ArmTrngLib

Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I1f0c72bdbb46d0226e7e6ddd921d513c8d5943c2
---
 Platform/ARM/JunoPkg/ArmJuno.dsc | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJuno.dsc
index 93ec9f12997203c0c8515af31f342910702a6a99..609470a5aab6329e765a6659d4cb3d4c0105cb9a 100644
--- a/Platform/ARM/JunoPkg/ArmJuno.dsc
+++ b/Platform/ARM/JunoPkg/ArmJuno.dsc
@@ -39,6 +39,11 @@ [LibraryClasses.common]
   ArmMmuLib|ArmPkg/Library/ArmMmuLib/ArmMmuBaseLib.inf
   ArmPlatformLib|Platform/ARM/JunoPkg/Library/ArmJunoLib/ArmJunoLib.inf
   ArmSmcLib|ArmPkg/Library/ArmSmcLib/ArmSmcLib.inf
+  ArmHvcLib|ArmPkg/Library/ArmHvcLib/ArmHvcLib.inf
+
+  # Trng Supports.
+  ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
+  ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
 
   NorFlashDeviceLib|Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlashDeviceLib.inf
   NorFlashPlatformLib|Platform/ARM/JunoPkg/Library/NorFlashJunoLib/NorFlashJunoLib.inf
@@ -211,6 +216,11 @@ [PcdsFixedAtBuild.common]
   gEdkiiDynamicTablesPkgTokenSpaceGuid.PcdDevelopmentPlatformRelaxations|0x1
 !endif
 
+  #
+  # Juno Support Trng. Override PcdEnforceSecureRngAlgorithms.
+  #
+  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE
+
 [PcdsPatchableInModule]
   # Console Resolution (Full HD)
   gEfiMdeModulePkgTokenSpaceGuid.PcdVideoHorizontalResolution|1920
--
Guid("CE165669-3EF3-493F-B85D-6190EE5B9759")



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120006): https://edk2.groups.io/g/devel/message/120006
Mute This Topic: https://groups.io/mt/107486843/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH edk2-platform v1 2/2] ARM/JunoPkg: Use ArmTrngLib in NetworkPkg

[Sami Mujawar]

[-- Attachment #1: Type: text/plain, Size: 867 bytes --]

Hi Levi,

Thank you for this patch.

On Mon, Jul 22, 2024 at 08:13 AM, levi.yun wrote:

> 
> Change-Id: I1f0c72bdbb46d0226e7e6ddd921d513c8d5943c2

The change-Id must be dropped before the patch is sent to the mailing list.
The edk2\BaseTools\Scripts\PatchCheck.py script catches such issues.

I will fix this locally before merging, but please run the patchcheck script before submitting patches for review.

Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120214): https://edk2.groups.io/g/devel/message/120214
Mute This Topic: https://groups.io/mt/107486843/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-



[-- Attachment #2: Type: text/html, Size: 1522 bytes --]