* [edk2-devel] [PATCH edk2-platforms v2] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL
@ 2024-07-03 12:39 Marcin Juszkiewicz
2024-07-04 11:27 ` Leif Lindholm
0 siblings, 1 reply; 3+ messages in thread
From: Marcin Juszkiewicz @ 2024-07-03 12:39 UTC (permalink / raw)
To: devel; +Cc: Leif Lindholm, Ard Biesheuvel, Graeme Gregory, Marcin Juszkiewicz
By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. This
allows us to add RngDxe to have EFI_RNG_PROTOCOL available on
Neoverse-N2 and 'max' cpu cores.
Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that for
ArmVirt platform.
RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU.
Other cpu models lack it which prevents the RngDxe driver from running,
resulting in the same situation as before.
TRNG is not implemented in TCG mode but is required by RngDxe to run.
On older cpu cores nothing changes.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
---
By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. This
allows us to add RngDxe to have EFI_RNG_PROTOCOL available on
Neoverse-N2 and 'max' cpu cores.
When I boot with Neoverse-N2 or 'max' cpu then EFI_RNG_PROTOCOL gets
reported by 'EFI stub' on Linux boot and KASLR gets enabled.
Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that for
ArmVirt platform.
RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU.
Other cpu models lack it which prevents the RngDxe driver from running,
resulting in the same situation as before.
TRNG is not implemented in TCG mode but is required by RngDxe to run.
On older cpu cores nothing changes.
---
Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 7 +++++++
Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 1 +
2 files changed, 8 insertions(+)
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
index 9306986bf7c0..72b6a6d9a8b8 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
@@ -660,6 +660,13 @@ [Components.common]
OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
Silicon/Qemu/SbsaQemu/Drivers/SbsaQemuHighMemDxe/SbsaQemuHighMemDxe.inf
+ SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+ <LibraryClasses>
+ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+ ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
+ ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
+ }
+
#
# FAT filesystem + GPT/MBR partitioning
diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
index b35f42e11aa4..51a1ef8519f9 100644
--- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
+++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
@@ -192,6 +192,7 @@ [FV.FvMain]
INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
+ INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
#
# FAT filesystem + GPT/MBR partitioning + UDF filesystem
---
base-commit: c7ed8deaa8c1d7ee83af994b2c90d4490ef27bdc
change-id: 20240703-efi-rng-protocol-be991536709a
Best regards,
--
Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119785): https://edk2.groups.io/g/devel/message/119785
Mute This Topic: https://groups.io/mt/107018350/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH edk2-platforms v2] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL
2024-07-03 12:39 [edk2-devel] [PATCH edk2-platforms v2] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL Marcin Juszkiewicz
@ 2024-07-04 11:27 ` Leif Lindholm
2024-07-04 11:40 ` Marcin Juszkiewicz
0 siblings, 1 reply; 3+ messages in thread
From: Leif Lindholm @ 2024-07-04 11:27 UTC (permalink / raw)
To: devel, marcin.juszkiewicz; +Cc: Ard Biesheuvel, Graeme Gregory
On Wed, Jul 03, 2024 at 14:39:31 +0200, Marcin Juszkiewicz wrote:
> By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. This
> allows us to add RngDxe to have EFI_RNG_PROTOCOL available on
> Neoverse-N2 and 'max' cpu cores.
>
> Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that for
> ArmVirt platform.
>
> RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU.
> Other cpu models lack it which prevents the RngDxe driver from running,
> resulting in the same situation as before.
>
> TRNG is not implemented in TCG mode but is required by RngDxe to run.
>
> On older cpu cores nothing changes.
>
> Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Thanks!
Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
With one niggle below:
> ---
> By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. This
> allows us to add RngDxe to have EFI_RNG_PROTOCOL available on
> Neoverse-N2 and 'max' cpu cores.
>
> When I boot with Neoverse-N2 or 'max' cpu then EFI_RNG_PROTOCOL gets
> reported by 'EFI stub' on Linux boot and KASLR gets enabled.
>
> Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that for
> ArmVirt platform.
>
> RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU.
> Other cpu models lack it which prevents the RngDxe driver from running,
> resulting in the same situation as before.
>
> TRNG is not implemented in TCG mode but is required by RngDxe to run.
>
> On older cpu cores nothing changes.
> ---
> Platform/Qemu/SbsaQemu/SbsaQemu.dsc | 7 +++++++
> Platform/Qemu/SbsaQemu/SbsaQemu.fdf | 1 +
> 2 files changed, 8 insertions(+)
>
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> index 9306986bf7c0..72b6a6d9a8b8 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.dsc
> @@ -660,6 +660,13 @@ [Components.common]
> OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
> MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
> Silicon/Qemu/SbsaQemu/Drivers/SbsaQemuHighMemDxe/SbsaQemuHighMemDxe.inf
> + SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
> + <LibraryClasses>
> + RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
> + ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
> + ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
> + }
> +
Please drop the added blank line.
/
Leif
>
> #
> # FAT filesystem + GPT/MBR partitioning
> diff --git a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> index b35f42e11aa4..51a1ef8519f9 100644
> --- a/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> +++ b/Platform/Qemu/SbsaQemu/SbsaQemu.fdf
> @@ -192,6 +192,7 @@ [FV.FvMain]
> INF ArmPkg/Drivers/TimerDxe/TimerDxe.inf
> INF OvmfPkg/VirtNorFlashDxe/VirtNorFlashDxe.inf
> INF MdeModulePkg/Universal/WatchdogTimerDxe/WatchdogTimer.inf
> + INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>
> #
> # FAT filesystem + GPT/MBR partitioning + UDF filesystem
>
> ---
> base-commit: c7ed8deaa8c1d7ee83af994b2c90d4490ef27bdc
> change-id: 20240703-efi-rng-protocol-be991536709a
>
> Best regards,
> --
> Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
>
>
>
>
>
>
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119793): https://edk2.groups.io/g/devel/message/119793
Mute This Topic: https://groups.io/mt/107018350/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH edk2-platforms v2] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL
2024-07-04 11:27 ` Leif Lindholm
@ 2024-07-04 11:40 ` Marcin Juszkiewicz
0 siblings, 0 replies; 3+ messages in thread
From: Marcin Juszkiewicz @ 2024-07-04 11:40 UTC (permalink / raw)
To: devel, Leif Lindholm; +Cc: Ard Biesheuvel, Graeme Gregory
Dnia czwartek, 4 lipca 2024 13:27:38 CEST Leif Lindholm pisze:
> > By default we have Neoverse-N2 cpu which supports FEAT_RNG feature. This
> > allows us to add RngDxe to have EFI_RNG_PROTOCOL available on
> > Neoverse-N2 and 'max' cpu cores.
> >
> > Commit 5de5e230a80bed083360da95ba16a2c4a001620d (in EDK2) enabled that for
> > ArmVirt platform.
> >
> > RNDR is implemented by both Neoverse-N2 and 'max' cpu implemented by QEMU.
> > Other cpu models lack it which prevents the RngDxe driver from running,
> > resulting in the same situation as before.
> >
> > TRNG is not implemented in TCG mode but is required by RngDxe to run.
> >
> > On older cpu cores nothing changes.
> >
> > Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
>
> Thanks!
>
> Reviewed-by: Leif Lindholm <quic_llindhol@quicinc.com>
> With one niggle below:
Thanks. Fixed and pushed as 25d66c5b9e5cd672b6e2723d4308cd815639f880
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#119794): https://edk2.groups.io/g/devel/message/119794
Mute This Topic: https://groups.io/mt/107018350/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-07-04 11:43 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-07-03 12:39 [edk2-devel] [PATCH edk2-platforms v2] SbsaQemu: use FEAT_RNG for EFI_RNG_PROTOCOL Marcin Juszkiewicz
2024-07-04 11:27 ` Leif Lindholm
2024-07-04 11:40 ` Marcin Juszkiewicz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox