From: "Doug Flick via groups.io"
To: "gaoliming" , devel@edk2.groups.io
Subject: Re: [edk2-devel] Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci
Date: Fri, 10 May 2024 10:13:05 -0700
Message-ID: <32021.1715361185999490629@groups.io>
In-Reply-To: <004001daa274$8de608e0$a9b21aa0$@byosoft.com.cn>

At a high level, this isn't my project and I would look towards the maintainers to provide guidance about the direction they want to go.

However, in my opinion, this is a debate on Security vs Compatibility. I'm biased more towards security, and I've tried to make it easy for a platform to understand what is happening with `PcdEnforceSecureRngAlgorithms`. If we default to `default` the platform never has the chance to understand what Rng Algorithms they provide and if that is a problem for them. Default is obviously the most compatible but it's also the one that may or may not be backed by something insecure. Which is why I would prefer if a platform acknowledges that they know it's backed by something secure or if not it's an active decision.
