So this patch is necessary as otherwise, QEMU fails to boot due to a missing source of randomness in the network drivers, right?
So I added this based on your initial suggestion to get the ArmVirtPkg working - running it locally (and against the pipelines) shows this isn't necessary. So I'll drop the commits.
There were concerns around compatibility, however the only fallback we would be able to do from NetworkPkg is depend on the time based LCG that we've considered a high profile CVE. This is where NetworkPkg must depend on the platform to provide it Rng and Hashing services. Fundamentally the platform must own it's own security.
RNDR raises another interesting problem, by the way - the ARM arch spec requires RNDR to be backed by an appropriate DRBG that complies with the NIST spec but it does not specify which one. IOW, it is backed by a DRBG not by a raw entropy source, but specifying which DRBG (by GUID) is not generally feasible, as the guest VM firmware cannot interrogate the host about which DRBG is behind RNDR.
This is why the PCD PcdEnforceSecureRngAlgorithms
exists. The platform can make the determination to depend on default if they understand the security implications behind that. Additionally, the platform is free to override RngDxe and provide their own implementations.
You receive all messages sent to this group.
View/Reply Online (#118767) |
|
Mute This Topic
| New Topic
Your Subscription |
Contact Group Owner |
Unsubscribe
[rebecca@openfw.io]