From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 8E964740045 for ; Mon, 1 Jul 2024 12:58:07 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=0yK+s8t4cXKmavozn4t2EpuIZSNJBVNt4ZPl4xDciVk=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:MIME-Version:User-Agent:Subject:To:Cc:References:From:Organization:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1719838687; v=1; b=P5/HZ7UK+xFIzHEt4nn3xDYw1P64UvOvGM9PQvpZkp9faIO2/8OAk0hO0y7maYFzarEA1XYO JS/XzM5a8c3XyrJveamIsgqgS/wNWS3dTH4rKNf+h+PckE+0+5d0sFMJkfULMwl20yfWNjlZ6O6 LSV1C6TFJ1rwHDUejf67ebCYjvLW3KhxSKP8XEourw6NlVOZc010DRJRQd7r6eekSZzAQO6PH9x qlQmQ2ZOqFvUMVfZ/qj6NBH+CBa89FefxAW+iZIWwSEdz/743emoLneRk+CrrCNaJdgijnweDfD qoQZOVxu5b+Rmh2hn491G64780P79YDkNAkWl2b1Ib5hw== X-Received: by 127.0.0.2 with SMTP id 4X6NYY7687511x7mDGHUuUIZ; Mon, 01 Jul 2024 05:58:05 -0700 X-Received: from mail-ed1-f44.google.com (mail-ed1-f44.google.com [209.85.208.44]) by mx.groups.io with SMTP id smtpd.web10.18887.1719838685102646050 for ; Mon, 01 Jul 2024 05:58:05 -0700 X-Received: by mail-ed1-f44.google.com with SMTP id 4fb4d7f45d1cf-57d203d4682so296519a12.0 for ; Mon, 01 Jul 2024 05:58:04 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCWa7Pi93azgbR218Sgr8Oi0jN1gr3nfqpssdip+2TDIIkoHE2Yi/g2UCk3f+mbJZVYrPVJkiu190TPYEaJMfDNpljwliQ== X-Gm-Message-State: HXxyvZuKrAaxr4E5M0zoFE7mx7686176AA= X-Google-Smtp-Source: AGHT+IGoNNp9hKZTndj0ipQL2nFx/Nt2udg8rH6PNBYGjoQ0NK0ZOzQ+QdlD9rrndgtbbqVEsDz+Wg== X-Received: by 2002:a17:907:9710:b0:a74:78d1:847 with SMTP id a640c23a62f3a-a75144a9066mr533166766b.76.1719838682853; Mon, 01 Jul 2024 05:58:02 -0700 (PDT) X-Received: from [192.168.200.106] (83.8.74.165.ipv4.supernova.orange.pl. [83.8.74.165]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a72aaf6339bsm330452766b.80.2024.07.01.05.58.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 01 Jul 2024 05:58:02 -0700 (PDT) Message-ID: <2176e4bf-dcd1-4aa5-9866-eaa852ae0fb0@linaro.org> Date: Mon, 1 Jul 2024 14:58:01 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [PATCH edk2-platforms 1/1] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL To: Leif Lindholm , devel@edk2.groups.io Cc: Ard Biesheuvel References: <20240627142212.408917-1-marcin.juszkiewicz@linaro.org> <20240627142212.408917-2-marcin.juszkiewicz@linaro.org> <59847794-9dd1-4be1-b5ac-e61f22c60386@quicinc.com> From: "Marcin Juszkiewicz" Organization: Linaro In-Reply-To: <59847794-9dd1-4be1-b5ac-e61f22c60386@quicinc.com> Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 01 Jul 2024 05:58:05 -0700 Resent-From: marcin.juszkiewicz@linaro.org Reply-To: devel@edk2.groups.io,marcin.juszkiewicz@linaro.org List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: Content-Language: pl-PL, en-GB, en-HK Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b="P5/HZ7UK"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=linaro.org (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io W dniu 1.07.2024 o 13:08, Leif Lindholm pisze: > On 2024-06-27 15:22, Marcin Juszkiewicz wrote: >> By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. >> >> Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that >> for >> ArmVirt platform. >> >> RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by >> QEMU. >> Other cpu models lack it which prevents the RngDxe driver from running, >> resulting in the same situation as before. >> >> TRNG is not implemented in TCG mode but is required by RngDxe to run. > > This commit also adds RngDxe for this platform, which neither the short > nor the long description mentions. > >> Signed-off-by: Marcin Juszkiewicz >> --- >>   Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 6 +++++- >>   Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 1 + >>   2 files changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc >> b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc >> index 9306986bf7c0..3463e5c7a635 100644 >> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc >> @@ -148,7 +148,9 @@ [LibraryClasses.common] >>     # > > Since sbsa-ref still supports processors without FEAT_RNG, this may > cause unexpected breakages for some users. That's why I sent it as more of RFC than changes for merging. > Could we first of all conditionalise this change: > > [Defines] > ... >   DEFINE_DEBUG_PRINT_ERROR_LEVEL = ... >   DEFINE FEATRNG_ENABLE         = TRUE > > so that someone who still wishes to run tests against older cpus can > still do so through a rebuild with -D FEATRNG_ENABLE=FALSE Is there a way to load both BaseRngLib and BaseRngLibTimerLib and switch between them depending on availability of FEAT_RNG? >>     IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf >>     OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > !if $(FEATRNG_ENABLE) == TRUE >   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf > !else >   RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > !endif >   ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf >   ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf > >>     BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf >>     # >> @@ -660,6 +662,8 @@ [Components.common] >>     OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf >>     MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf >> >> Silicon/Qemu/SbsaQemu/Drivers/SbsaQemuHighMemDxe/SbsaQemuHighMemDxe.inf >> +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf >> + > > Spurious added newline. > >>     # >>     # FAT filesystem + GPT/MBR partitioning >> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf >> b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf >> index b35f42e11aa4..51a1ef8519f9 100644 >> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf >> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf >> @@ -192,6 +192,7 @@ [FV.FvMain] >>     INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf >>     INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf >>     INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf >> +  INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > > Second: > What is the failure mode of running the BaseRngLib flavour on cpus that > don't support FEAT_RNG? RngDxe itself seems to do the right thing, but > do we get any warning messages or will certain operations now fail > silently? On FEAT_RNG cores we get: InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 101FAD68798 ProtectUefiImageCommon - 0xFAD683C0 - 0x00000101FBBDB000 - 0x0000000000007000 ArmTrngLib could not be correctly initialized. InstallProtocolInterface: 3152BCA5-EADE-433D-862E-C01CDC291F44 101FBBE0020 Loading driver B601F8C4-43B7-4784-95B1-F4226CB40CEE On core without FEAT_RNG: InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 101FAD68798 ProtectUefiImageCommon - 0xFAD683C0 - 0x00000101FBBDB000 - 0x0000000000007000 ArmTrngLib could not be correctly initialized. Error: Image at 101FBBDB000 start failed: 00000001 remove-symbol-file /home/marcin/devel/linaro/sbsa-qemu/code/Build/SbsaQemu/DEBUG_GCC/AARCH64/SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe/DEBUG/RngDxe.dll 0xFBBDC000 Loading driver B601F8C4-43B7-4784-95B1-F4226CB40CEE So there is some kind of information but you need to know what to look for ;( -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119736): https://edk2.groups.io/g/devel/message/119736 Mute This Topic: https://groups.io/mt/106909459/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-