From: "Sami Mujawar"
Date: Thu, 29 Jun 2023 11:24:38 +0100
Subject: Re: [PATCH v1 4/8] MdePkg/Rng: Add GUIDs to describe Rng algorithms
To: pierre.gondois@arm.com, devel@edk2.groups.io
Cc: Michael D Kinney, Liming Gao, Zhiguang Liu, Jiewen Yao, Jian J Wang, Ard Biesheuvel, Jose Marinho, Samer El-Haj-Mahmoud, "nd@arm.com"
Message-ID: <6cafd8c5-7edd-abdb-4ce8-b6dba73bb5e7@arm.com>
In-Reply-To: <20230509074042.1523428-5-pierre.gondois@arm.com>
References: <20230509074042.1523428-1-pierre.gondois@arm.com> <20230509074042.1523428-5-pierre.gondois@arm.com>

Hi Pierre,

Thank you for this patch.

Please find my response inline marked [SAMI].

Other than the concern mentioned below, this patch looks good to me.

Reviewed-by: Sami Mujawar

Regards,

Sami Mujawar

On 09/05/2023 08:40 am, pierre.gondois@arm.com wrote:
> From: Pierre Gondois
>
> BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
>
> The EFI_RNG_PROTOCOL can rely on the RngLib. The RngLib has multiple
> implementations, some of them are unsafe (e.g. BaseRngLibTimerLib).
> To allow the RngDxe to detect when such implementation is used,
> a GetRngGuid() function is added in a following patch.
>
> Prepare GetRngGuid() return values and add GUIDs describing
> Rng algorithms:
> - gEfiRngAlgorithmArmRndr
>   to describe a Rng algorithm accessed through Arm's RNDR instruction.
>   [1] states that the implementation of this algorithm should be
>   compliant to NIST SP900-80. The compliance is not guaranteed.
> - gEfiRngAlgorithmUnSafe
>   to describe an unsafe implementation, cf. the BaseRngLibTimerLib.
>
> [1] Arm Architecture Reference Manual Armv8, for A-profile architecture
> sK12.1 'Properties of the generated random number'
>
> Signed-off-by: Pierre Gondois
> ---
> MdePkg/Include/Protocol/Rng.h | 20 ++++++++++++++++++++
> MdePkg/MdePkg.dec | 2 ++
> 2 files changed, 22 insertions(+)
>
> diff --git a/MdePkg/Include/Protocol/Rng.h b/MdePkg/Include/Protocol/Rng.h > index baf425587b3c..dfdaf36e41dc 100644 > --- a/MdePkg/Include/Protocol/Rng.h > +++ b/MdePkg/Include/Protocol/Rng.h
> @@ -67,6 +67,24 @@ typedef EFI_GUID EFI_RNG_ALGORITHM; > { \ > 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 } \ > } > +/// > +/// The Arm Architecture states the RNDR that the DRBG algorithm should be compliant > +/// with NIST SP800-90A, while not mandating a particular algorithm, so as to be > +/// inclusive of different geographies. > +/// > +#define EFI_RNG_ALGORITHM_ARM_RNDR \ > + { \ > + 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41} \ > + } > +/// > +/// The implementation of a Random Number Generator might be unsafe, when using > +/// a dummy implementation for instance. Allow identifying such implementation > +/// with this GUID. > +/// > +#define EFI_RNG_ALGORITHM_UNSAFE \ > + { \ > + 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 } \ > + }

[SAMI]
Unlike the EFI_RNG_ALGORITHM_ARM_RNDR, which is backed by the code first spec update at https://mantis.uefi.org/mantis/view.php?id=2386, the EFI_RNG_ALGORITHM_UNSAFE is not backed by any specification. Although I agree that a definition of the unsafe algorithm is required to support some platforms, I am not sure if this file and the macro prefix are right for this definition. I would defer this decision, and any advice on how to proceed, to the MdePkg maintainers.
[/SAMI]

> > /** > Returns information about the random number generation implementation. > @@ -146,5 +164,7 @@ extern EFI_GUID gEfiRngAlgorithmSp80090Ctr256Guid; > extern EFI_GUID gEfiRngAlgorithmX9313DesGuid; > extern EFI_GUID gEfiRngAlgorithmX931AesGuid; > extern EFI_GUID gEfiRngAlgorithmRaw; > +extern EFI_GUID gEfiRngAlgorithmArmRndr; > +extern EFI_GUID gEfiRngAlgorithmUnSafe; > > #endif > diff --git a/MdePkg/MdePkg.dec b/MdePkg/MdePkg.dec > index 0ecfad5795e4..754085eaa55b 100644 > --- a/MdePkg/MdePkg.dec > +++ b/MdePkg/MdePkg.dec
> @@ -633,6 +633,8 @@ [Guids] > gEfiRngAlgorithmX9313DesGuid = { 0x63c4785a, 0xca34, 0x4012, {0xa3, 0xc8, 0x0b, 0x6a, 0x32, 0x4f, 0x55, 0x46 }} > gEfiRngAlgorithmX931AesGuid = { 0xacd03321, 0x777e, 0x4d3d, {0xb1, 0xc8, 0x20, 0xcf, 0xd8, 0x88, 0x20, 0xc9 }} > gEfiRngAlgorithmRaw = { 0xe43176d7, 0xb6e8, 0x4827, {0xb7, 0x84, 0x7f, 0xfd, 0xc4, 0xb6, 0x85, 0x61 }} > + gEfiRngAlgorithmArmRndr = { 0x43d2fde3, 0x9d4e, 0x4d79, {0x02, 0x96, 0xa8, 0x9b, 0xca, 0x78, 0x08, 0x41 }} > + gEfiRngAlgorithmUnSafe = { 0x869f728c, 0x409d, 0x4ab4, {0xac, 0x03, 0x71, 0xd3, 0x09, 0xc1, 0xb3, 0xf4 }} > > ## Include/Protocol/AdapterInformation.h > gEfiAdapterInfoMediaStateGuid = { 0xD7C74207, 0xA831, 0x4A26, {0xB1, 0xF5, 0xD1, 0x93, 0x06, 0x5C, 0xE8, 0xB6 }}
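
Review bot: In the MdePkg/Include/Protocol/Rng.h hunk at @@ -67,6 +67,24 @@, the comment above EFI_RNG_ALGORITHM_ARM_RNDR does not parse ("states the RNDR that the DRBG algorithm should be compliant") and leaves out the caveat from the commit message that compliance is not guaranteed. A consumer choosing this GUID reads only the header, so the caveat belongs there; suggest something like "The Arm Architecture states that the DRBG behind the RNDR instruction should be compliant with NIST SP800-90A ... Compliance is not guaranteed." The commit message also cites "NIST SP900-80" where the comment cites "NIST SP800-90A", so one of the two needs correcting. Minor: the closing brace spacing differs between the two new macros ("0x41} \" versus "0xf4 } \"), and there is no blank line separating the previous macro from the new "///" block.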
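
Review bot: In the Rng.h hunk at @@ -146,5 +164,7 @@, the new externs gEfiRngAlgorithmArmRndr and gEfiRngAlgorithmUnSafe omit the Guid suffix carried by gEfiRngAlgorithmSp80090Ctr256Guid, gEfiRngAlgorithmX9313DesGuid and gEfiRngAlgorithmX931AesGuid in the context lines; only gEfiRngAlgorithmRaw is already without it. "UnSafe" is also cased as two words while the macro is EFI_RNG_ALGORITHM_UNSAFE. These symbols are hard to rename once consumers reference them, so consider gEfiRngAlgorithmArmRndrGuid and gEfiRngAlgorithmUnsafeGuid here and in the matching MdePkg.dec entries.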
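
Review bot: In the MdePkg/MdePkg.dec hunk at @@ -633,6 +633,8 @@, gEfiRngAlgorithmUnSafe is added directly after the existing gEfiRngAlgorithm* entries with no comment marking it as the value that identifies an unsafe implementation. A one-line comment above the entry would keep it from being read as just another algorithm choice, and it would give the MdePkg maintainers a clear place to act on the placement concern raised in the [SAMI] reply. The byte values of both new entries match the macros added in Rng.h.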