From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-qv1-f49.google.com (mail-qv1-f49.google.com [209.85.219.49])
 by mx.groups.io with SMTP id smtpd.web10.85782.1682442582415769160
 for <devel@edk2.groups.io>;
 Tue, 25 Apr 2023 10:09:42 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired" header.i=@gmail.com header.s=20221208 header.b=B4zFw2OX;
 spf=pass (domain: gmail.com, ip: 209.85.219.49, mailfrom: benjamin.doron00@gmail.com)
Received: by mail-qv1-f49.google.com with SMTP id 6a1803df08f44-5ef8aaf12bdso25262776d6.3
        for <devel@edk2.groups.io>; Tue, 25 Apr 2023 10:09:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1682442581; x=1685034581;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=KzOkHsnwMIxaLhtevNz+SQkyiCry9eK3mIoTSBKTnzw=;
        b=B4zFw2OXHHFYS2H1QF3EewmCqFEeFWxusRzTjm40WPDtkZLMto+mK4bL0d48b1PFFI
         3GcaHoPE33N/oAz6LTSqCerGNKeY6INYTLqOiJrdaVcdJp6y9Q1T179Y0Dw6G7xYdZ3H
         uGYXLrkL450JabrOjStVMWnz0Sl99DJe0pBuHqt/fBGQYgF6vBgfviHsCD+AlkwnXZqO
         f+bgurxtQxw0RSyDrYMTe5qt0XGtfPZi6qvYN4Us/2QJHlhG9Wis3r/qfi8Lg/nBYRbd
         Z7tRdnClfexX9twCDkWom50YkURu70C4Jsj1vXz9oyhwacO4fc9+hWTdLOSV7W6bIOEd
         vDXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1682442581; x=1685034581;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=KzOkHsnwMIxaLhtevNz+SQkyiCry9eK3mIoTSBKTnzw=;
        b=lOate4lEpx9BSorEHZ1TdPIFWYvR6UL9DtHSGDtprVWP+Mskya+yzybdtDHvAJQoDi
         bx3NwVa3xRAxEY1xcgipb6lHClRoUnoY5IrhIhSTZNi6UVnIyjfkxML9o2bIrEty6Xsi
         tPtDTYKY/OVDDBRo9K3aMyxUC0uhQTDztTfwO4CzFNC+unOla+WnIZ2WiDiz5sBBCsmV
         ZOwqkee9rAoB3LbrvrXYXK2ydA8JvmUA1GcuoO2pfik8Jv9KQWVNcCg2bRMDH7OeoPkH
         seHzl9rJ21n+VeqWoA9bmMZ5sY9wYYdUCC8fddeJWvFCfmQ85EuiDh9Qi9OK9IGzudO2
         XHpw==
X-Gm-Message-State: AAQBX9dRDSNbP9cUyFfK9qD1xaYxCcrGF2SBixxUYyRSI1RIwpnY5Hm7
	1I9dUxKCuEjomcCsI6i/CcZP+ADhXVk=
X-Google-Smtp-Source: AKy350YhHExPOuvYcJ9lglqwczhBGRrBMb/v71tLkvx5gglqGwTQcP3E+V/tq1Ji7zc6J53gPuwiyg==
X-Received: by 2002:a05:6214:e83:b0:56f:52ba:cce6 with SMTP id hf3-20020a0562140e8300b0056f52bacce6mr31026635qvb.19.1682442581167;
        Tue, 25 Apr 2023 10:09:41 -0700 (PDT)
Return-Path: <benjamin.doron00@gmail.com>
Received: from aturtleortwo-benjamindomain.sec.9e.network ([2607:f2c0:e98c:e:3a80:fa28:1340:db7b])
        by smtp.gmail.com with ESMTPSA id o15-20020a0ce40f000000b005ef616a7cc9sm4198471qvl.137.2023.04.25.10.09.40
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 25 Apr 2023 10:09:40 -0700 (PDT)
From: "Benjamin Doron" <benjamin.doron00@gmail.com>
To: devel@edk2.groups.io
Cc: Guo Dong <guo.dong@intel.com>,
	Ray Ni <ray.ni@intel.com>,
	Sean Rhodes <sean@starlabs.systems>,
	James Lu <james.lu@intel.com>,
	Gua Guo <gua.guo@intel.com>
Subject: [edk2-devel][PATCH v1 1/2] UefiPayloadPkg: Define RngLibTimerLib for systems without RDRAND
Date: Tue, 25 Apr 2023 13:09:27 -0400
Message-Id: <7edb8c7baae2fc58034a62f50f5f4000fb5bd102.1682442501.git.benjamin.doron00@gmail.com>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Benjamin Doron <benjamin.doron@9elements.com>

Presently, `ArchIsRngSupported()` always returns TRUE, per
https://github.com/tianocore/edk2/blob/1eeca0750af5af2f0e78437bf791ac2de74b=
de74/MdePkg/Library/BaseRngLib/Rand/RdRand.c#L124-L125.
Therefore, `BaseRngLibConstructor()` should continue to assert RDRAND
support.

However, older platforms do not support RDRAND, such as QEMU in some
configurations. Therefore, define an RngLib library class for such
systems, using a new flag. Maintain current behaviour by default.

Note that this is less secure behaviour, and should be avoided in
production.

Cc: Guo Dong <guo.dong@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Rhodes <sean@starlabs.systems>
Cc: James Lu <james.lu@intel.com>
Cc: Gua Guo <gua.guo@intel.com>
Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
---
 UefiPayloadPkg/UefiPayloadPkg.dsc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload=
Pkg.dsc
index 9847f189fff5..1e803ba01567 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -130,6 +130,7 @@
   # This is how BaseCpuTimerLib works, and a recommended way to get Freque=
nce, so set the default value as TRUE.=0D
   # Note: for emulation platform such as QEMU, this may not work and shoul=
d set it as FALSE=0D
   DEFINE CPU_TIMER_LIB_ENABLE  =3D TRUE=0D
+  DEFINE CPU_RNG_ENABLE        =3D TRUE=0D
 =0D
   DEFINE MULTIPLE_DEBUG_PORT_SUPPORT =3D FALSE=0D
 =0D
@@ -204,7 +205,11 @@
 !endif=0D
   IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf=0D
   OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf=0D
+!if $(CPU_RNG_ENABLE) =3D=3D TRUE=0D
   RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf=0D
+!else=0D
+  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf=0D
+!endif=0D
   HobLib|UefiPayloadPkg/Library/DxeHobLib/DxeHobLib.inf=0D
 =0D
   #=0D
--=20
2.39.2