From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 3D765AC0E8D for ; Mon, 1 Jul 2024 11:08:33 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=6Gyl/GvCrg4GSv2dJhY9dxuJMruGKiyA8p5IPqvuTgU=; c=relaxed/simple; d=groups.io; h=Message-ID:Date:MIME-Version:User-Agent:Subject:To:CC:References:From:In-Reply-To:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding; s=20240206; t=1719832113; v=1; b=rTPw/KtJSShT9Z46pHeJSF8CiDUZMcnSQBhl8vMUE2Bj2BHvQIudvWgbwwyirXpv0gigU+8Y W3l4+hv3ZSqMc3Nh0vCh6CFXHSYbFs2s7YqTMRmX1tQDpYFYR5c/EDGazh/FhVnXjY7yduglP8o IAgs1/jR/eZ0tTfoJU6I622BgM2qNo1DMpJwT2gCq8Qhw4E/lrSkpG1TwpLBuwKXR4a28ImSXPL +Il34DAoT9JCVc72o1vhqa+/vW9Dltrc+2tmYAQlxGsy11pB1VXS0gdlGOvOV83YgB7+80b9vgo cWUG0UjMk3ch8Zsmcw3Bl8gGD7gMDTI7XBW+6ebkSVEOA== X-Received: by 127.0.0.2 with SMTP id Aio0YY7687511x27SYLEvW2D; Mon, 01 Jul 2024 04:08:31 -0700 X-Received: from mx0b-0031df01.pphosted.com (mx0b-0031df01.pphosted.com [205.220.180.131]) by mx.groups.io with SMTP id smtpd.web10.16895.1719832105975035458 for ; Mon, 01 Jul 2024 04:08:26 -0700 X-Received: from pps.filterd (m0279869.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 461AuPAu008599; Mon, 1 Jul 2024 11:08:25 GMT X-Received: from nasanppmta04.qualcomm.com (i-global254.qualcomm.com [199.106.103.254]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 402996kyfk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 01 Jul 2024 11:08:25 +0000 (GMT) X-Received: from nasanex01c.na.qualcomm.com (nasanex01c.na.qualcomm.com [10.45.79.139]) by NASANPPMTA04.qualcomm.com (8.17.1.19/8.17.1.19) with ESMTPS id 461B8NvN019677 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 1 Jul 2024 11:08:24 GMT X-Received: from [10.111.143.246] (10.80.80.8) by nasanex01c.na.qualcomm.com (10.45.79.139) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.9; Mon, 1 Jul 2024 04:08:22 -0700 Message-ID: <59847794-9dd1-4be1-b5ac-e61f22c60386@quicinc.com> Date: Mon, 1 Jul 2024 12:08:20 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [edk2-devel] [PATCH edk2-platforms 1/1] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL To: Marcin Juszkiewicz , CC: Ard Biesheuvel References: <20240627142212.408917-1-marcin.juszkiewicz@linaro.org> <20240627142212.408917-2-marcin.juszkiewicz@linaro.org> From: "Leif Lindholm" In-Reply-To: <20240627142212.408917-2-marcin.juszkiewicz@linaro.org> X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nasanex01c.na.qualcomm.com (10.45.79.139) X-QCInternal: smtphost X-Proofpoint-GUID: 2wBw8yr2cpQxxQDKhnXC_nvsNhi_77_s X-Proofpoint-ORIG-GUID: 2wBw8yr2cpQxxQDKhnXC_nvsNhi_77_s Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Mon, 01 Jul 2024 04:08:26 -0700 Resent-From: quic_llindhol@quicinc.com Reply-To: devel@edk2.groups.io,quic_llindhol@quicinc.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: 3blMARpLytrCiOBGEF2r4H8Bx7686176AA= Content-Language: en-GB Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b="rTPw/KtJ"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=quicinc.com (policy=none); spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io On 2024-06-27 15:22, Marcin Juszkiewicz wrote: > By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. >=20 > Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that fo= r > ArmVirt platform. >=20 > RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU= . > Other cpu models lack it which prevents the RngDxe driver from running, > resulting in the same situation as before. >=20 > TRNG is not implemented in TCG mode but is required by RngDxe to run. This commit also adds RngDxe for this platform, which neither the short=20 nor the long description mentions. > Signed-off-by: Marcin Juszkiewicz > --- > Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 6 +++++- > Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 1 + > 2 files changed, 6 insertions(+), 1 deletion(-) >=20 > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu= /SbsaQemu.dsc > index 9306986bf7c0..3463e5c7a635 100644 > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc > @@ -148,7 +148,9 @@ [LibraryClasses.common] > # Since sbsa-ref still supports processors without FEAT_RNG, this may=20 cause unexpected breakages for some users. Could we first of all conditionalise this change: [Defines] ... DEFINE_DEBUG_PRINT_ERROR_LEVEL =3D ... DEFINE FEATRNG_ENABLE =3D TRUE so that someone who still wishes to run tests against older cpus can=20 still do so through a rebuild with -D FEATRNG_ENABLE=3DFALSE > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf !if $(FEATRNG_ENABLE) =3D=3D TRUE RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf !else RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf !endif ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > =20 > # > @@ -660,6 +662,8 @@ [Components.common] > OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf > MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf > Silicon/Qemu/SbsaQemu/Drivers/SbsaQemuHighMemDxe/SbsaQemuHighMemDxe.i= nf > + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf > + Spurious added newline. > =20 > # > # FAT filesystem + GPT/MBR partitioning > diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu= /SbsaQemu.fdf > index b35f42e11aa4..51a1ef8519f9 100644 > --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf > @@ -192,6 +192,7 @@ [FV.FvMain] > INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf > INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf > INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf > + INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf Second: What is the failure mode of running the BaseRngLib flavour on cpus that=20 don't support FEAT_RNG? RngDxe itself seems to do the right thing, but=20 do we get any warning messages or will certain operations now fail silently= ? / Leif > =20 > # > # FAT filesystem + GPT/MBR partitioning + UDF filesystem -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#119735): https://edk2.groups.io/g/devel/message/119735 Mute This Topic: https://groups.io/mt/106909459/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-