From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
 by mx.groups.io with SMTP id smtpd.web11.7527.1689168946199997168
 for <devel@edk2.groups.io>;
 Wed, 12 Jul 2023 06:35:46 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: pierre.gondois@arm.com)
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 43AF4D75;
	Wed, 12 Jul 2023 06:36:28 -0700 (PDT)
Received: from [192.168.1.12] (unknown [172.31.20.19])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A6B123F67D;
	Wed, 12 Jul 2023 06:35:43 -0700 (PDT)
Message-ID: <89b3561e-3513-6761-2fe8-13338f43f48d@arm.com>
Date: Wed, 12 Jul 2023 15:35:28 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.0
Subject: Re: [PATCH v4 0/8] SecurityPkg/MdePkg: Update RngLib GUID identification
To: devel@edk2.groups.io
Cc: Michael D Kinney <michael.d.kinney@intel.com>,
 Liming Gao <gaoliming@byosoft.com.cn>, Zhiguang Liu
 <zhiguang.liu@intel.com>, Jiewen Yao <jiewen.yao@intel.com>,
 Jian J Wang <jian.j.wang@intel.com>,
 Ard Biesheuvel <ardb+tianocore@kernel.org>,
 Sami Mujawar <sami.mujawar@arm.com>, Jose Marinho <Jose.Marinho@arm.com>,
 Kun Qin <kuqin12@gmail.com>
References: <20230712132947.332643-1-pierre.gondois@arm.com>
From: "PierreGondois" <pierre.gondois@arm.com>
In-Reply-To: <20230712132947.332643-1-pierre.gondois@arm.com>
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

The patch reflecting the move of BaseRngLibTimerLib to MdeModulePkg
is available at: https://edk2.groups.io/g/devel/message/106865

On 7/12/23 15:29, pierre.gondois@arm.com wrote:
> From: Pierre Gondois <pierre.gondois@arm.com>
> 
> v4:
> - New patches:
>    - [1/8] MdePkg: Move BaseRngLibTimerLib to MdeModulePkg
>    - [5/8] MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
> - This patch-set now requires to be accepted along an edk-platforms patch
>    moving the BaseRngLibTimerLib to MdeModulePkg
> 
> v3:
> - As the unsafe algorithm GUID will not be added to the UEFI
>    specification, rename:
>    - gEfiRngAlgorithmUnSafe to gEdkiiRngAlgorithmUnSafe
>    - EFI_RNG_ALGORITHM_UNSAFE to EDKII_RNG_ALGORITHM_UNSAFE
> 
> v2:
> [1/8] MdePkg/ArmTrngLib: Remove ASSERTs in Null implementation
> - Dropped
> [2/8] MdePkg/MdePkg.dec: Move PcdCpuRngSupportedAlgorithm to MdePkg
> - Change gEfiMdePkgTokenSpaceGuid.PcdCpuRngSupportedAlgorithm
>    token number
> - Rename to SecurityPkg/SecurityPkg.dec: Move
>    PcdCpuRngSupportedAlgorithm to MdePkg
> [5/8] MdePkg/Rng: Add GetRngGuid() to RngLib
> - Remove gEfiRngAlgorithmUnSafe from inf file
> - Split Guids definitions in arch specific sections
> [6/8] SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
> - Remove RngFindDefaultAlgo() and change logic accordingly.
> [7/8] SecurityPkg/RngDxe: Select safe default Rng algorithm
> - Dropped due to changes in [6/8]
> 
> This patch also requires the following patch on top of the serie:
> - https://edk2.groups.io/g/devel/message/106546
> 
> This patchset follows the 'code first' approach and relates to [1].
> This patchset follows the thread at [3] that aims to solve [2].
> [1] and [2] are bound and this patchset aims to solve both.
> 
> In this patchset:
> a-
> The RngDxe can rely on the RngLib. However the RngLib has no
> interface allowing to describe which Rng algorithm is implemented.
> The RngDxe must advertise the algorithm that are available through
> the RngGetInfo() callback.
> Add a GetRngGuid() for interface to the RngLib.
> 
> b-
> The Arm Architecture states the RNDR that the DRBG algorithm should
> be compliant with NIST SP800-90A, while not mandating a particular
> algorithm, so as to be inclusive of different geographies.
> The RngLib can rely on this Arm RNDR instruction. In order to
> accurately describe the implementation using the RNDR instruction,
> add a EFI_RNG_ALGORITHM_ARM_RNDR GUID [1].
> 
> c-
> For the same reason as a/b, add a GUID describing unsafe RNG
> algorithms, allowing to accurately describe the BaseRngLibTimerLib.
> 
> d-
> Use a/b/c mechanisms/GUIDs to select a safe Rng algorithm in the
> Arm implementation of the RngDxe.
> 
> [1] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4441
> [2] BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151
> [3] https://edk2.groups.io/g/devel/message/100806
> 
> Pierre Gondois (8):
>    MdePkg: Move BaseRngLibTimerLib to MdeModulePkg
>    SecurityPkg/SecurityPkg.dec: Move PcdCpuRngSupportedAlgorithm to
>      MdePkg
>    MdePkg/DxeRngLib: Request raw algorithm instead of default
>    MdePkg/Rng: Add GUID to describe Arm Rndr Rng algorithms
>    MdeModulePkg/Rng: Add GUID to describe unsafe Rng algorithms
>    MdePkg/Rng: Add GetRngGuid() to RngLib
>    SecurityPkg/RngDxe: Use GetRngGuid() when probing RngLib
>    SecurityPkg/RngDxe: Simplify Rng algorithm selection for Arm
> 
>   ArmVirtPkg/ArmVirt.dsc.inc                    |  2 +-
>   EmulatorPkg/EmulatorPkg.dsc                   |  2 +-
>   MdeModulePkg/Include/Guid/RngAlgorithm.h      | 23 ++++++++
>   .../BaseRngLibTimerLib/BaseRngLibTimerLib.inf |  4 ++
>   .../BaseRngLibTimerLib/BaseRngLibTimerLib.uni |  0
>   .../Library/BaseRngLibTimerLib/RngLibTimer.c  | 28 ++++++++++
>   MdeModulePkg/MdeModulePkg.dec                 |  3 +
>   MdeModulePkg/MdeModulePkg.dsc                 |  1 +
>   MdePkg/Include/Library/RngLib.h               | 17 ++++++
>   MdePkg/Include/Protocol/Rng.h                 | 10 ++++
>   MdePkg/Library/BaseRngLib/AArch64/Rndr.c      | 42 ++++++++++++++
>   MdePkg/Library/BaseRngLib/BaseRngLib.inf      | 10 ++++
>   MdePkg/Library/BaseRngLib/Rand/RdRand.c       | 26 +++++++++
>   .../Library/BaseRngLibNull/BaseRngLibNull.c   | 22 ++++++++
>   MdePkg/Library/DxeRngLib/DxeRngLib.c          | 36 +++++++++++-
>   MdePkg/MdePkg.dec                             |  6 ++
>   MdePkg/MdePkg.dsc                             |  1 -
>   NetworkPkg/NetworkPkg.dsc                     |  4 +-
>   OvmfPkg/AmdSev/AmdSevX64.dsc                  |  2 +-
>   OvmfPkg/Bhyve/BhyveX64.dsc                    |  2 +-
>   OvmfPkg/CloudHv/CloudHvX64.dsc                |  2 +-
>   OvmfPkg/IntelTdx/IntelTdxX64.dsc              |  2 +-
>   OvmfPkg/Microvm/MicrovmX64.dsc                |  2 +-
>   OvmfPkg/OvmfPkgIa32.dsc                       |  2 +-
>   OvmfPkg/OvmfPkgIa32X64.dsc                    |  2 +-
>   OvmfPkg/OvmfPkgX64.dsc                        |  2 +-
>   OvmfPkg/OvmfXen.dsc                           |  2 +-
>   OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc           |  2 +-
>   .../RngDxe/AArch64/AArch64Algo.c              | 55 +++++++++++++------
>   .../RandomNumberGenerator/RngDxe/ArmRngDxe.c  | 23 +++-----
>   .../RandomNumberGenerator/RngDxe/RngDxe.inf   |  5 +-
>   SecurityPkg/SecurityPkg.dec                   |  2 -
>   SecurityPkg/SecurityPkg.dsc                   |  4 +-
>   SignedCapsulePkg/SignedCapsulePkg.dsc         |  4 +-
>   34 files changed, 294 insertions(+), 56 deletions(-)
>   create mode 100644 MdeModulePkg/Include/Guid/RngAlgorithm.h
>   rename {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf (91%)
>   rename {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni (100%)
>   rename {MdePkg => MdeModulePkg}/Library/BaseRngLibTimerLib/RngLibTimer.c (83%)
>