From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id B9FCEAC178A for ; Thu, 9 May 2024 18:21:08 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=aYK+t4/5aeBN5g4tjl1sdfQx7vFHTpRI6BIq66wHwRE=; c=relaxed/simple; d=groups.io; h=Subject:To:From:User-Agent:MIME-Version:Date:References:In-Reply-To:Message-ID:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240206; t=1715278867; v=1; b=yvA7wuklRAOFdLIA4ps3MySGy7vS9yZmavgtU/0VpHrPIHYXAE3idlI891Up7m8Ciczs5hnV v1hoY2pz1Od96WE3wapEp1qbz9DYkXZqRBMDR2C2xDdxB+LcNm1t8Wwx27bUjI64ikEyYlT1+11 J0PJIaJst3QANSwrgcDaod+ePHCSbrcvo1UA/ohvB9GI1/0j2WaHWIK1FlIMsQZExQPsCZ1UNRB Fdbuq5AZZv3AY/d5QaulUXmlW8OGXV+KXFdIXr3LF/z8YPNV25H8QGvE7unFGxk3cGm2+nlUx3D yDK5k8yagZSU8/hmuN6YO8r4Xf+MMf/tEXFAxdHtv10sg== X-Received: by 127.0.0.2 with SMTP id y7seYY7687511xB0IoNx2S27; Thu, 09 May 2024 11:21:07 -0700 Subject: Re: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci To: "Ard Biesheuvel" , devel@edk2.groups.io From: "Doug Flick via groups.io" X-Originating-Location: Redmond, Washington, US (131.107.174.184) X-Originating-Platform: Windows Chrome 124 User-Agent: GROUPS.IO Web Poster MIME-Version: 1.0 Date: Thu, 09 May 2024 11:21:06 -0700 References: In-Reply-To: Message-ID: <9250.1715278866341053340@groups.io> Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,dougflick@microsoft.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: gEeCeGMDpvziqsEndVHnzDCBx7686176AA= Content-Type: multipart/alternative; boundary="18FK6H1Ep6HT0CiD7PXB" X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240206 header.b=yvA7wukl; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io --18FK6H1Ep6HT0CiD7PXB Content-Type: text/plain; charset="utf-8"; markup=markdown Content-Transfer-Encoding: quoted-printable > > So this patch is necessary as otherwise, QEMU fails to boot due to a > missing source of randomness in the network drivers, right? > So I added this based on your initial suggestion to get the ArmVirtPkg work= ing - running it locally (and against the pipelines) shows this isn't neces= sary. So I'll drop the commits. There were concerns around compatibility, however the only fallback we woul= d be able to do from NetworkPkg is depend on the time based LCG that we've = considered a high profile CVE. This is where NetworkPkg must depend on the = platform to provide it Rng and Hashing services. Fundamentally the platform= must own it's own security.=20 > > RNDR raises another interesting problem, by the way - the ARM arch > spec requires RNDR to be backed by an appropriate DRBG that complies > with the NIST spec but it does not specify which one. IOW, it is > backed by a DRBG not by a raw entropy source, but specifying which > DRBG (by GUID) is not generally feasible, as the guest VM firmware > cannot interrogate the host about which DRBG is behind RNDR. > This is why the PCD `PcdEnforceSecureRngAlgorithms` exists. The platform ca= n make the determination to depend on default if they understand the securi= ty implications behind that. Additionally, the platform is free to override= RngDxe and provide their own implementations.=20 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#118767): https://edk2.groups.io/g/devel/message/118767 Mute This Topic: https://groups.io/mt/105996580/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- --18FK6H1Ep6HT0CiD7PXB Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable

So this patch is necessary as otherwise, QEMU fails to boot due to a missing source of randomness in the network drivers, right?

So I added this based on your initial suggestion to get the ArmVirtPkg w= orking - running it locally (and against the pipelines) shows this isn't ne= cessary. So I'll drop the commits.

There were concerns around compatibility, however the only fallback we w= ould be able to do from NetworkPkg is depend on the time based LCG that we'= ve considered a high profile CVE. This is where NetworkPkg must depend on t= he platform to provide it Rng and Hashing services. Fundamentally the platf= orm must own it's own security.

RNDR raises another interesting problem, by the way - the ARM arch spec requires RNDR to be backed by an appropriate DRBG that complies with the NIST spec but it does not specify which one. IOW, it is backed by a DRBG not by a raw entropy source, but specifying which DRBG (by GUID) is not generally feasible, as the guest VM firmware cannot interrogate the host about which DRBG is behind RNDR.

This is why the PCD PcdEnforceSecureRngAlgorithms exists. T= he platform can make the determination to depend on default if they underst= and the security implications behind that. Additionally, the platform is fr= ee to override RngDxe and provide their own implementations.

_._,_._,_
Groups.io Links:

=20 You receive all messages sent to this group. =20 =20

View/Reply Online (#118767) | =20 | Mute= This Topic | New Topic
Your Subscriptio= n | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_
--18FK6H1Ep6HT0CiD7PXB--