From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by mx.groups.io with SMTP id smtpd.web08.9131.1666799062654391476 for ; Wed, 26 Oct 2022 08:44:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b=LXjN05CV; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: quicinc.com, ip: 205.220.168.131, mailfrom: quic_llindhol@quicinc.com) Received: from pps.filterd (m0279867.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 29QBc3VV013962; Wed, 26 Oct 2022 15:44:09 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=message-id : date : mime-version : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding; s=qcppdkim1; bh=TqVj32Xb1nRAn/a1KhNpS3zSs4E77t1k8czweb0YSZg=; b=LXjN05CV/57sCI7KxNEevOv6n7puTnjhRerW6G5jnsuaN6/WCeiqUq9TdYArKRNUZ3WR NW6M/OzGqgLblnG80ByyW37D0y9a6ujkqDyUU7k4ml1jwDz/u86roto6mae687CwGl2Z bfkU3TqbVWHKM6ZtqJBu4gtFtjWW44NF+BcpB8dYOhKckDnFEHXbE6Wyi9ypqcRrYYpG M6VGS7YYoGotp53XqS3kIQmKWnxLII//lDEFnCy1jtysON7KtwWmgKbCPbtNhJmzz4zH qeqTXLtUV1k86Gi/XuXYtRaVh4tu0D2PTuyGwlE6ixBjfIOtZ3XvPuYTllbhjcEKiqE8 KQ== Received: from nasanppmta04.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3kevsbsuat-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Oct 2022 15:44:09 +0000 Received: from nasanex01c.na.qualcomm.com (nasanex01c.na.qualcomm.com [10.45.79.139]) by NASANPPMTA04.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 29QFi8OO021180 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 26 Oct 2022 15:44:08 GMT Received: from [10.251.42.43] (10.80.80.8) by nasanex01c.na.qualcomm.com (10.45.79.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.29; Wed, 26 Oct 2022 08:44:05 -0700 Message-ID: <2b288a1a-2a51-6b97-fae1-5f0eb9fc1a77@quicinc.com> Date: Wed, 26 Oct 2022 16:44:03 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.13.1 Subject: Re: [edk2-devel] [PATCH v8 06/19] MdePkg/TrngLib: Definition for TRNG library class interface To: , CC: "pierre.gondois@arm.com" , Sami Mujawar , Ard Biesheuvel , Rebecca Cran , "Kinney, Michael D" , "Gao, Liming" , "Wang, Jian J" References: <20221018132052.1359530-1-Pierre.Gondois@arm.com> <20221018132052.1359530-7-Pierre.Gondois@arm.com> From: "Leif Lindholm" In-Reply-To: X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01b.na.qualcomm.com (10.46.141.250) To nasanex01c.na.qualcomm.com (10.45.79.139) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: cws69NEViBIHfF7UzNaPd628czL6bhzU X-Proofpoint-ORIG-GUID: cws69NEViBIHfF7UzNaPd628czL6bhzU X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-10-26_06,2022-10-26_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 impostorscore=0 lowpriorityscore=0 phishscore=0 adultscore=0 mlxlogscore=999 spamscore=0 suspectscore=0 bulkscore=0 malwarescore=0 priorityscore=1501 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2209130000 definitions=main-2210260089 Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit On 2022-10-26 15:06, Yao, Jiewen wrote: > Oh, I did not realize we are planning to deprecate ArmPkg. > Is there a Bugzilla I can refer to? There wasn't, and that's a very good point. I have raised https://bugzilla.tianocore.org/show_bug.cgi?id=4121 > If so, I don't think MdeModulePkg is better, because we usually say: industry standard can be in MdePkg. With this justification, I would suggest to name this library class to be ArmTrngLib. That works for me. Best Regards, Leif > In the library header, I recommend to say: it follows "Arm True Random Number Generator Firmware, Interface 1.0", but not NIST SP800-90A/B/C. The latter is quite misleading, because there is not GetVersion/GetUUID in NIST document at all. > > Thank you > Yao Jiewen > > >> -----Original Message----- >> From: devel@edk2.groups.io On Behalf Of Leif >> Lindholm >> Sent: Wednesday, October 26, 2022 9:56 PM >> To: Yao, Jiewen >> Cc: devel@edk2.groups.io; pierre.gondois@arm.com; Sami Mujawar >> ; Ard Biesheuvel ; >> Rebecca Cran ; Kinney, Michael D >> ; Gao, Liming ; >> Wang, Jian J >> Subject: Re: [edk2-devel] [PATCH v8 06/19] MdePkg/TrngLib: Definition for >> TRNG library class interface >> >> Hi Jiewen, >> >> There could be an argument for moving it to MdeModulePkg, but there is >> no argument for it moving to ArmPkg. >> >> ArmPkg does not have any reason to exist other than that it has not >> yet been properly integrated in the core packages. Which clearly is >> becoming more urgent, as I seem to be raising this point even more >> frequently these days. >> >> Best Regards, >> >> Leif >> >> On Wed, Oct 26, 2022 at 13:25:54 +0000, Yao, Jiewen wrote: >>> Hi >>> This API is very ARM platform specific. >>> >>> I don't see any interface like GetVersion or GetUUID is defined in 800- >> 90A/90B/90C. >>> What it is following is "Arm True Random Number Generator Firmware, >> Interface 1.0". As such, I feel uncomfortable to define TrngLib in MdePkg. >>> >>> I have raised my concern before. My recommend is to move ArmPkg, for >> example ArmTrngLib. >>> >>> >>> >>> Thank you >>> Yao Jiewen >>> >>> >>>> -----Original Message----- >>>> From: devel@edk2.groups.io On Behalf Of >>>> PierreGondois >>>> Sent: Tuesday, October 18, 2022 9:21 PM >>>> To: devel@edk2.groups.io >>>> Cc: Sami Mujawar ; Leif Lindholm >>>> ; Ard Biesheuvel >>>> ; Rebecca Cran ; >> Kinney, >>>> Michael D ; Gao, Liming >>>> ; Yao, Jiewen ; >> Wang, >>>> Jian J >>>> Subject: [edk2-devel] [PATCH v8 06/19] MdePkg/TrngLib: Definition for >>>> TRNG library class interface >>>> >>>> From: Sami Mujawar >>>> >>>> Bugzilla: 3668 (https://bugzilla.tianocore.org/show_bug.cgi?id=3668) >>>> >>>> The NIST Special Publications 800-90A, 800-90B and 800-90C >>>> provide recommendations for random number generation. The >>>> NIST 800-90C, Recommendation for Random Bit Generator (RBG) >>>> Constructions, defines the GetEntropy() interface that is >>>> used to access the entropy source. The GetEntropy() interface >>>> is further used by Deterministic Random Bit Generators (DRBG) >>>> to generate random numbers. >>>> >>>> The True Random Number Generator (TRNG) library defines an >>>> interface to access the entropy source on a platform. Some >>>> platforms/architectures may provide access to the entropy >>>> using a firmware interface. In such cases the TRNG library >>>> shall be used to provide an abstraction. >>>> >>>> Signed-off-by: Pierre Gondois >>>> --- >>>> MdePkg/Include/Library/TrngLib.h | 103 >>>> +++++++++++++++++++++++++++++++ >>>> MdePkg/MdePkg.dec | 5 ++ >>>> 2 files changed, 108 insertions(+) >>>> create mode 100644 MdePkg/Include/Library/TrngLib.h >>>> >>>> diff --git a/MdePkg/Include/Library/TrngLib.h >>>> b/MdePkg/Include/Library/TrngLib.h >>>> new file mode 100644 >>>> index 000000000000..535fd53f4305 >>>> --- /dev/null >>>> +++ b/MdePkg/Include/Library/TrngLib.h >>>> @@ -0,0 +1,103 @@ >>>> +/** @file >>>> + TRNG interface library definitions. >>>> + >>>> + Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
>>>> + >>>> + SPDX-License-Identifier: BSD-2-Clause-Patent >>>> + >>>> + @par Reference(s): >>>> + - [1] NIST Special Publication 800-90B, Recommendation for the >> Entropy >>>> + Sources Used for Random Bit Generation. >>>> + (https://csrc.nist.gov/publications/detail/sp/800-90b/final) >>>> + >>>> + @par Glossary: >>>> + - TRNG - True Random Number Generator >>>> +**/ >>>> + >>>> +#ifndef TRNG_LIB_H_ >>>> +#define TRNG_LIB_H_ >>>> + >>>> +/** Get the version of the TRNG backend. >>>> + >>>> + A TRNG may be implemented by the system firmware, in which case >> this >>>> + function shall return the version of the TRNG backend. >>>> + The implementation must return NOT_SUPPORTED if a Back end is >> not >>>> present. >>>> + >>>> + @param [out] MajorRevision Major revision. >>>> + @param [out] MinorRevision Minor revision. >>>> + >>>> + @retval RETURN_SUCCESS The function completed >> successfully. >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>> + @retval RETURN_UNSUPPORTED Backend not present. >>>> +**/ >>>> +RETURN_STATUS >>>> +EFIAPI >>>> +GetTrngVersion ( >>>> + OUT UINT16 *MajorRevision, >>>> + OUT UINT16 *MinorRevision >>>> + ); >>>> + >>>> +/** Get the UUID of the TRNG backend. >>>> + >>>> + A TRNG may be implemented by the system firmware, in which case >> this >>>> + function shall return the UUID of the TRNG backend. >>>> + Returning the TRNG UUID is optional and if not implemented, >>>> RETURN_UNSUPPORTED >>>> + shall be returned. >>>> + >>>> + Note: The caller must not rely on the returned UUID as a trustworthy >>>> TRNG >>>> + Back end identity >>>> + >>>> + @param [out] Guid UUID of the TRNG backend. >>>> + >>>> + @retval RETURN_SUCCESS The function completed >> successfully. >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>> + @retval RETURN_UNSUPPORTED Function not implemented. >>>> +**/ >>>> +RETURN_STATUS >>>> +EFIAPI >>>> +GetTrngUuid ( >>>> + OUT GUID *Guid >>>> + ); >>>> + >>>> +/** Returns maximum number of entropy bits that can be returned in >> a >>>> single >>>> + call. >>>> + >>>> + @return Returns the maximum number of Entropy bits that can be >>>> returned >>>> + in a single call to GetTrngEntropy(). >>>> +**/ >>>> +UINTN >>>> +EFIAPI >>>> +GetTrngMaxSupportedEntropyBits ( >>>> + VOID >>>> + ); >>>> + >>>> +/** Returns N bits of conditioned entropy. >>>> + >>>> + See [1] Section 2.3.1 GetEntropy: An Interface to the Entropy Source >>>> + GetEntropy >>>> + Input: >>>> + bits_of_entropy: the requested amount of entropy >>>> + Output: >>>> + entropy_bitstring: The string that provides the requested entropy. >>>> + status: A Boolean value that is TRUE if the request has been >> satisfied, >>>> + and is FALSE otherwise. >>>> + >>>> + @param [in] EntropyBits Number of entropy bits requested. >>>> + @param [in] BufferSize Size of the Buffer in bytes. >>>> + @param [out] Buffer Buffer to return the entropy bits. >>>> + >>>> + @retval RETURN_SUCCESS The function completed >> successfully. >>>> + @retval RETURN_INVALID_PARAMETER Invalid parameter. >>>> + @retval RETURN_UNSUPPORTED Function not implemented. >>>> + @retval RETURN_BAD_BUFFER_SIZE Buffer size is too small. >>>> + @retval RETURN_NOT_READY No Entropy available. >>>> +**/ >>>> +RETURN_STATUS >>>> +EFIAPI >>>> +GetTrngEntropy ( >>>> + IN UINTN EntropyBits, >>>> + IN UINTN BufferSize, >>>> + OUT UINT8 *Buffer >>>> + ); >>>> + >>>> +#endif // TRNG_LIB_H_ >>>> diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec >>>> index 4c81cbd75ab2..0a7859fc1d3f 100644 >>>> --- a/MdePkg/MdePkg.dec >>>> +++ b/MdePkg/MdePkg.dec >>>> @@ -8,6 +8,7 @@ >>>> # Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.
>>>> # (C) Copyright 2016 - 2021 Hewlett Packard Enterprise Development >>>> LP
>>>> # Copyright (c) 2022, Loongson Technology Corporation Limited. All >> rights >>>> reserved.
>>>> +# Copyright (c) 2021 - 2022, Arm Limited. All rights reserved.
>>>> # >>>> # SPDX-License-Identifier: BSD-2-Clause-Patent >>>> # >>>> @@ -279,6 +280,10 @@ [LibraryClasses] >>>> ## @libraryclass Provides function for SMM CPU Rendezvous Library. >>>> SmmCpuRendezvousLib|Include/Library/SmmCpuRendezvousLib.h >>>> >>>> + ## @libraryclass Provides services to generate Entropy using a TRNG. >>>> + # >>>> + TrngLib|Include/Library/TrngLib.h >>>> + >>>> [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] >>>> ## @libraryclass Provides services to generate random number. >>>> # >>>> -- >>>> 2.25.1 >>>> >>>> >>>> >>>> -=-=-=-=-=-= >>>> Groups.io Links: You receive all messages sent to this group. >>>> View/Reply Online (#95322): >>>> https://edk2.groups.io/g/devel/message/95322 >>>> Mute This Topic: https://groups.io/mt/94407745/1772286 >>>> Group Owner: devel+owner@edk2.groups.io >>>> Unsubscribe: https://edk2.groups.io/g/devel/unsub >> [jiewen.yao@intel.com] >>>> -=-=-=-=-=-= >>>> >>> >> >> >> >> > > > > > >