public inbox for devel@edk2.groups.io
* [edk2-devel][PATCH v1 1/2] UefiPayloadPkg: Define RngLibTimerLib for systems without RDRAND
From: Benjamin Doron @ 2023-04-25 17:09 UTC
  To: devel; +Cc: Guo Dong, Ray Ni, Sean Rhodes, James Lu, Gua Guo

From: Benjamin Doron <benjamin.doron@9elements.com>

Presently, `ArchIsRngSupported()` always returns TRUE, per
https://github.com/tianocore/edk2/blob/1eeca0750af5af2f0e78437bf791ac2de74bde74/MdePkg/Library/BaseRngLib/Rand/RdRand.c#L124-L125.
Therefore, `BaseRngLibConstructor()` should continue to assert RDRAND
support.

However, older platforms do not support RDRAND, such as QEMU in some
configurations. Therefore, define an RngLib library class for such
systems, using a new flag. Maintain current behaviour by default.

Note that this is less secure behaviour, and should be avoided in
production.

Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
---
 UefiPayloadPkg/UefiPayloadPkg.dsc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 9847f189fff5..1e803ba01567 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -130,6 +130,7 @@
   # This is how BaseCpuTimerLib works, and a recommended way to get Frequence, so set the default value as TRUE.
   # Note: for emulation platform such as QEMU, this may not work and should set it as FALSE
   DEFINE CPU_TIMER_LIB_ENABLE  = TRUE
+  DEFINE CPU_RNG_ENABLE        = TRUE
 
   DEFINE MULTIPLE_DEBUG_PORT_SUPPORT = FALSE
 
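Review bot: the new `DEFINE CPU_RNG_ENABLE = TRUE` is the only define in this block without a comment, while its neighbour `CPU_TIMER_LIB_ENABLE` documents when to set it to FALSE and why. Add a comment stating what FALSE selects (the timer-seeded BaseRngLibTimerLib, for CPUs without RDRAND such as some QEMU configurations) and repeat the commit message's warning that this is not suitable for production, since someone editing the DSC later will not see the commit message.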
@@ -204,7 +205,11 @@
 !endif
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
+!if $(CPU_RNG_ENABLE) == TRUE
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+!else
+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+!endif
   HobLib|UefiPayloadPkg/Library/DxeHobLib/DxeHobLib.inf
 
   #
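Review bot: the `!else` branch links `BaseRngLibTimerLib` silently, so a build with `-D CPU_RNG_ENABLE=FALSE` produces an image whose RngLib is seeded from a timer with no trace of that in the build output. Consider an inline comment on the `!else` branch saying this instance is for RDRAND-less and emulation platforms only. The flag name also reads as RNG on/off, but FALSE still links an RngLib instance (the thread notes OpensslLib needs the class), only a weaker one; the comment should make that explicit.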
-- 
2.39.2



* [edk2-devel][PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Benjamin Doron @ 2023-04-25 17:09 UTC
  To: devel; +Cc: Guo Dong, Ray Ni, Sean Rhodes, James Lu, Gua Guo

From: Benjamin Doron <benjamin.doron@9elements.com>

Uses CPU RDRAND support and installs the EfiRngProtocol.
The protocol may be used by iPXE or the Linux kernel to gather entropy.

Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
---
 UefiPayloadPkg/UefiPayloadPkg.dsc | 3 +++
 UefiPayloadPkg/UefiPayloadPkg.fdf | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
index 1e803ba01567..486af2396731 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -634,6 +634,9 @@
   MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
 !endif
   UefiCpuPkg/CpuDxe/CpuDxe.inf
+!if $(CPU_RNG_ENABLE) == TRUE
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+!endif
   MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
 !if $(BOOTSPLASH_IMAGE)
   MdeModulePkg/Logo/LogoDxe.inf
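Review bot: gating `RngDxe.inf` on `CPU_RNG_ENABLE` means a FALSE build ships no EFI_RNG_PROTOCOL at all. That is a reasonable outcome (no protocol advertising a timer-seeded generator), but this commit message says only "Uses CPU RDRAND support and installs the EfiRngProtocol". Please add a sentence that the driver is omitted when the timer fallback from patch 1/2 is selected, so that readers know consumers such as iPXE or the Linux kernel will find the protocol absent, not weak, on such builds.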
diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf
index f8c2aa8c4a02..53add65a6a40 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.fdf
+++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
@@ -157,6 +157,9 @@ INF CryptoPkg/Driver/CryptoDxe.inf
 INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
 !endif
 INF UefiCpuPkg/CpuDxe/CpuDxe.inf
+!if $(CPU_RNG_ENABLE) == TRUE
+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
+!endif
 
 INF RuleOverride = UI MdeModulePkg/Application/UiApp/UiApp.inf
 INF MdeModulePkg/Application/BootManagerMenuApp/BootManagerMenuApp.inf
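Review bot: the `!if $(CPU_RNG_ENABLE) == TRUE` guard is now duplicated between the DSC [Components] hunk and this FDF hunk, and the two must be changed together. A module listed in the FDF but missing from the DSC fails the build, while the reverse (present in the DSC, missing here) silently builds the driver and leaves it out of the image, so a comment pointing at the matching DSC block would help. This hunk also places RngDxe next to CpuDxe in the same FV as the other DXE drivers; if the maintainers want optional security drivers in their own FV, as raised later in this thread, this is the hunk to move.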
-- 
2.39.2



* Re: [edk2-devel][PATCH v1 1/2] UefiPayloadPkg: Define RngLibTimerLib for systems without RDRAND
From: Sean Rhodes @ 2023-04-26 12:33 UTC
  To: Benjamin Doron; +Cc: devel, Guo Dong, Ray Ni, James Lu, Gua Guo


Reviewed-by: Sean Rhodes <sean@starlabs.systems>


* Re: [edk2-devel][PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Sean Rhodes @ 2023-04-26 12:33 UTC
  To: Benjamin Doron; +Cc: devel, Guo Dong, Ray Ni, James Lu, Gua Guo


Reviewed-by: Sean Rhodes <sean@starlabs.systems>


* Re: [edk2-devel][PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Guo, Gua @ 2023-04-26 12:55 UTC
  To: devel@edk2.groups.io, Rhodes, Sean, Benjamin Doron
  Cc: Dong, Guo, Ni, Ray, Lu, James


Do we separate these security drivers into a separate FV?

I really don't want to see everything gathered into uefi_fv.
If we separate it into a lot of FVs, we can easily plug in and plug out.

Thanks,
Gua


* Re: [edk2-devel] [PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Sheng Lean Tan @ 2023-04-26 13:09 UTC
  To: Sean Rhodes, devel


Hi Gua,
Thanks for the review. Do you have a proposal or a small example of how you want to see it separated into another FV?

Thanks,
Sheng


* Re: [edk2-devel][PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Sheng Lean Tan @ 2023-04-26 13:10 UTC
  To: devel, gua.guo
  Cc: Rhodes, Sean, Benjamin Doron, Dong, Guo, Ni, Ray, Lu, James


Hi Gua,
Thanks for the review. Do you have a proposal or a small example of how you
want to separate it into another FV?

Thanks,
Sheng




* Re: [edk2-devel][PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Pedro Falcato @ 2023-04-26 18:07 UTC
  To: devel, benjamin.doron00; +Cc: Guo Dong, Ray Ni, Sean Rhodes, James Lu, Gua Guo

On Tue, Apr 25, 2023 at 6:09 PM Benjamin Doron
<benjamin.doron00@gmail.com> wrote:
>
> From: Benjamin Doron <benjamin.doron@9elements.com>
>
> Uses CPU RDRAND support and installs the EfiRngProtocol.
> The protocol may be used by iPXE or the Linux kernel to gather entropy.
>
> Cc: Guo Dong <guo.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Sean Rhodes <sean@starlabs.systems>
> Cc: James Lu <james.lu@intel.com>
> Cc: Gua Guo <gua.guo@intel.com>
> Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
> ---
>  UefiPayloadPkg/UefiPayloadPkg.dsc | 3 +++
>  UefiPayloadPkg/UefiPayloadPkg.fdf | 3 +++
>  2 files changed, 6 insertions(+)
>
> diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc
> index 1e803ba01567..486af2396731 100644
> --- a/UefiPayloadPkg/UefiPayloadPkg.dsc
> +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
> @@ -634,6 +634,9 @@
>    MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
>  !endif
>    UefiCpuPkg/CpuDxe/CpuDxe.inf
> +!if $(CPU_RNG_ENABLE) == TRUE
> +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
> +!endif
>    MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
>  !if $(BOOTSPLASH_IMAGE)
>    MdeModulePkg/Logo/LogoDxe.inf
> diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayloadPkg.fdf
> index f8c2aa8c4a02..53add65a6a40 100644
> --- a/UefiPayloadPkg/UefiPayloadPkg.fdf
> +++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
> @@ -157,6 +157,9 @@ INF CryptoPkg/Driver/CryptoDxe.inf
>  INF MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf
>  !endif
>  INF UefiCpuPkg/CpuDxe/CpuDxe.inf
> +!if $(CPU_RNG_ENABLE) == TRUE
> +INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf

Friendly reminder: https://bugzilla.tianocore.org/show_bug.cgi?id=4163

Which ended up never getting merged. Do check if this affects you
(particularly as coreboot is used by a lot of older devices).

-- 
Pedro


* Re: [edk2-devel] [PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Benjamin Doron @ 2023-04-26 21:24 UTC
  To: Pedro Falcato, devel


I hadn't seen the bugzilla yet, though I know the issue. See patch 1/2: the current approach is to use RngLibTimerLib if the build-time configuration indicates. This isn't recommended but is sufficient for building for platforms which require the library class (I think OpensslLib has a dependency). For the same reason, the RngDxe driver is only compiled with the same build definition, because there's no good point in advertising RNG support through the protocol when it's low quality.

Regards,
Benjamin
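To make the effect of the flag concrete across both patches, here is an added example (my code, not part of the patch series or of the edk2 build tools) that evaluates `!if`/`!else`/`!endif` blocks in constructed DSC and FDF fragments mirroring the hunks above, resolves which RngLib instance is linked for a given `CPU_RNG_ENABLE` value, and checks that RngDxe is guarded identically in the DSC and the FDF, the mismatch that would otherwise drop the driver from the image silently. The function names `active_lines` and `rng_wiring` are mine, and the evaluator understands only the `$(NAME) == VALUE` and bare `$(NAME)` condition forms that appear in these hunks.

```python
"""Evaluate edk2 DSC/FDF !if/!else/!endif blocks for given build defines and
check how RngLib and RngDxe end up wired.  Added example, not code from the
patch series or from the edk2 build tools; the DSC/FDF fragments below are
constructed from the hunks in this thread.  Only the `$(NAME) == VALUE` and
bare `$(NAME)` condition forms seen in those hunks are understood."""
import re

RNGDXE = "SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf"

# Constructed fragment mirroring the patched UefiPayloadPkg.dsc.
DSC_SAMPLE = """\
  DEFINE CPU_RNG_ENABLE        = TRUE
[LibraryClasses]
  OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
!if $(CPU_RNG_ENABLE) == TRUE
  RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
!else
  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
!endif
[Components]
  UefiCpuPkg/CpuDxe/CpuDxe.inf
!if $(CPU_RNG_ENABLE) == TRUE
  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
!endif
"""

# Constructed fragment mirroring the patched UefiPayloadPkg.fdf.
FDF_SAMPLE = """\
INF UefiCpuPkg/CpuDxe/CpuDxe.inf
!if $(CPU_RNG_ENABLE) == TRUE
INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
!endif
"""

COND_RE = re.compile(r"^!if\s+\$\((\w+)\)\s*(?:==\s*(\S+))?\s*$")
DEFINE_RE = re.compile(r"^DEFINE\s+(\w+)\s*=\s*(\S+)$")


def active_lines(text, defines):
    """Return the stripped lines that survive !if/!else/!endif evaluation.
    `defines` maps NAME -> value; a DEFINE line inside the file only sets a
    name that is not already present, so command-line -D overrides win."""
    stack = []  # one entry per open !if: True while that branch is active
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("!if "):
            m = COND_RE.match(line)
            if not m:
                raise ValueError(f"unsupported condition: {line}")
            name, want = m.group(1), m.group(2)
            have = defines.get(name, "")
            cond = (have == want) if want is not None else have in ("TRUE", "1")
            stack.append(all(stack) and cond)
        elif line == "!else":
            stack[-1] = not stack[-1] and all(stack[:-1])
        elif line == "!endif":
            stack.pop()
        elif all(stack):
            m = DEFINE_RE.match(line)
            if m:
                defines.setdefault(m.group(1), m.group(2))
            out.append(line)
    if stack:
        raise ValueError("unterminated !if")
    return out


def rng_wiring(dsc, fdf, overrides=None):
    """Resolve the linked RngLib instance and whether RngDxe is present in
    both the DSC [Components] and the FDF for the given -D overrides."""
    defines = dict(overrides or {})
    dsc_lines = active_lines(dsc, defines)  # DSC defines are visible to the FDF
    fdf_lines = active_lines(fdf, dict(defines))
    rnglib = next((ln.split("|", 1)[1] for ln in dsc_lines if ln.startswith("RngLib|")), None)
    in_dsc = RNGDXE in dsc_lines
    in_fdf = f"INF {RNGDXE}" in fdf_lines
    return {"rnglib": rnglib, "rngdxe_dsc": in_dsc, "rngdxe_fdf": in_fdf,
            "consistent": in_dsc == in_fdf}


if __name__ == "__main__":
    for value in ("TRUE", "FALSE"):
        print(value, rng_wiring(DSC_SAMPLE, FDF_SAMPLE, {"CPU_RNG_ENABLE": value}))
```

Running it with `CPU_RNG_ENABLE=FALSE` shows the timer-seeded RngLib being linked while RngDxe drops out of both files, and feeding it an FDF that lacks the guard flags the DSC/FDF mismatch.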


* Re: [edk2-devel][PATCH v1 2/2] UefiPayloadPkg: Enable RNG support
From: Guo, Gua @ 2023-04-26 22:43 UTC
  To: devel@edk2.groups.io, Tan, Lean Sheng
  Cc: Rhodes, Sean, Benjamin Doron, Dong, Guo, Ni, Ray, Lu, James



You can check with network_fv or bds_fv

[inline image image001.png not preserved in the archive]

Thanks,
Gua

