From: "PierreGondois"
To: devel@edk2.groups.io
Cc: ardb+tianocore@kernel.org, sami.mujawar@arm.com, Thomas Abraham, Pierre Gondois
Subject: [edk2-devel] [PATCH 3/3] Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation
Date: Wed, 4 Sep 2024 13:39:05 +0200
Message-Id: <20240904113905.1736428-4-Pierre.Gondois@arm.com>
In-Reply-To: <20240904113905.1736428-1-Pierre.Gondois@arm.com>
References: <20240904113905.1736428-1-Pierre.Gondois@arm.com>

From: Pierre Gondois

Juno's RngLib implementation is:
- BaseRngLib.inf if a secure RngLib is enforced
- BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated

BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
returns a DRBG-generated random number. The DRBG used is considered
as secure.
The RNDR instruction is available if FEAT_RNG is set. The Juno
doesn't support it.

When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
the Juno cannot generate secure random numbers through the RngLib.

Secure random numbers could be generated by using the Juno's TRNG.
This can be done by:
- using the RngDxeLib implementation of the RngLib
- RngDxeLib relies on the RngDxe
- the RngDxe has access to the TRNG

Signed-off-by: Pierre Gondois

--- Platform/ARM/JunoPkg/ArmJuno.dsc | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJ= uno.dsc index b0edecdc399c..ea665fd2b481 100644 --- a/Platform/ARM/JunoPkg/ArmJuno.dsc +++ b/Platform/ARM/JunoPkg/ArmJuno.dsc @@ -45,6 +45,8 @@ [LibraryClasses.common] # Trng Supports. ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf + # Rng + RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf =20 NorFlashDeviceLib|Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlas= hDeviceLib.inf NorFlashPlatformLib|Platform/ARM/JunoPkg/Library/NorFlashJunoLib/NorFl= ashJunoLib.inf 
@@ -407,6 +409,18 @@ [Components.common] # SCMI Driver ArmPkg/Drivers/ArmScmiDxe/ArmScmiDxe.inf =20 + # + # Rng + # + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf { + + !if $(ENABLE_UNSAFE_RNGLIB) =3D=3D TRUE + RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.= inf + !else + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf + !endif + } + [Components.AARCH64] # # EBC --=20 2.25.1
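
Review bot: In the first hunk (@@ -45,6 +45,8 @@), the new "RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf" line is placed under [LibraryClasses.common], so it becomes the default RngLib for every module type, not only for modules that run once RngDxe is available. The commit message says this library depends on RngDxe, so either scope the mapping to the DXE/UEFI module-type sections or state in the commit message that no earlier-phase module in this platform consumes RngLib. The patch is insertions only, so it would also help to say where the previous BaseRngLib / BaseRngLibTimerLib default comes from and that this line is meant to take precedence over it. The one-word "# Rng" comment could carry that explanation.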
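
Review bot: In the second hunk (@@ -407,6 +409,18 @@), the "!else" branch binds RngDxe's own RngLib to "MdePkg/Library/BaseRngLib/BaseRngLib.inf", which the commit message describes as relying on RNDR, an instruction it says the Juno does not support. Please add a comment at this override, or a sentence in the commit message, explaining why that binding is acceptable in the secure configuration (for instance, whether RngDxe obtains its entropy from the TRNG via the ArmTrngLib mapping shown in the first hunk and what happens if this RngLib instance is called without FEAT_RNG), or select an instance that does not depend on RNDR. In the "!if $(ENABLE_UNSAFE_RNGLIB) == TRUE" branch, it is worth stating that RngDxe is then backed by BaseRngLibTimerLib, since every DxeRngLib consumer now goes through RngDxe. The commit message also names the library "RngDxeLib" while the patch adds DxeRngLib.inf; use one name.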