From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web10.7626.1688070490826415471 for ; Thu, 29 Jun 2023 13:28:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20221208 header.b=jzWpLbvg; spf=pass (domain: gmail.com, ip: 209.85.215.172, mailfrom: kuqin12@gmail.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-55b1238cab4so685860a12.2 for ; Thu, 29 Jun 2023 13:28:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688070490; x=1690662490; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=iczUwm3gbTaCoQefWsGiVzQFTnfKU4k1A6lK73iTGdU=; b=jzWpLbvgeBpMO7EH1DO+8u1fihV8cQZIr8aLUfAemUQceUwuTb1v5c1TvMWhxrbfN6 0lxbE6OvQFiSAyqLqOw2kSBiNotgYUwOvhtw42McVyfvdZrFW+d8GlErnTdWb/e0Fw7/ RPO1PlH8cp3WVKmBg/wPaOmhaBQOADVGnwRVGjW5WGwf4zRqUnTmhbiZQWLXmM9zTwth qBEckvHGLelhgpxw2um3sO57CKFsDEmW9d09sHIhAZCC8YS2AMgwZiJFXpTtYNRo5zzw eJeHRuNHRrazDbg1Zj0GApyH1PIKx01P7SvHWyReXklSTQvJEHpk5YgniJO5jKSM07zl RJBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688070490; x=1690662490; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iczUwm3gbTaCoQefWsGiVzQFTnfKU4k1A6lK73iTGdU=; b=Hc/c+1qY/LToa1d6CnfS7Tw08w/lwccHUNLM5tyrcw87Vxk07J7P+yz8+WxRFjrDYU Xrq0k6I6LK4EQBT3jzjxf/7DqyVtSSGu3WqZibrYveplxo1BDpQqyFb4TFlFNQ1Ht5kW Anfup5ULMq023GQw1hE7dik2BI9Pk0hvIgTdoAMcwQNwz0xumCKTikTA0JDcAlrnGJbP H9ZQz6MX+pQtWu3orbQJ5NLNYGywZ7ENpVSW1IQiI2JPiAlna8vIIbe5IbNm4tWuNoQv 5tT/MczZWvIzcFAuc+OMK9LdWgOLsdhuLjfqlMw2AQFtmt8QS6p+Ik+yVScHoZTvEQoN PYmQ== X-Gm-Message-State: ABy/qLb/Fa/BBVt8pPjovCYzLKyx/5+E4/77iX0+sQDd5x58ZJy07jHq /82TC+ukUk+lPo0x+y4BLEc= X-Google-Smtp-Source: APBJJlE4hgQJJ7Vv+9/zqwsy4pFxzTN6u7fmRJeVxn6x+HsBl9UPwfhyTHa//G/1TClaJOfgvf0Wog== X-Received: by 2002:a17:903:32c8:b0:1b6:78a1:93c7 with SMTP id i8-20020a17090332c800b001b678a193c7mr204598plr.39.1688070489943; Thu, 29 Jun 2023 13:28:09 -0700 (PDT) Return-Path: Received: from ?IPV6:2001:4898:d8:33:956:7e07:c1c3:d47a? ([2001:4898:80e8:1:8977:7e07:c1c3:d47a]) by smtp.gmail.com with ESMTPSA id o4-20020a170902d4c400b001b86dd825e7sm7046plg.108.2023.06.29.13.28.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 29 Jun 2023 13:28:09 -0700 (PDT) Message-ID: <9cd9d524-15f4-cf0d-bf8c-0e32ed66db4b@gmail.com> Date: Thu, 29 Jun 2023 13:28:08 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH v1 0/2] Fixing RngDxe error for ARM/AARCH64 To: Pierre Gondois , devel@edk2.groups.io Cc: Jiewen Yao , Jian J Wang , Sami Mujawar References: <20230628203357.2001-1-kuqin12@gmail.com> <2c8316c4-2e12-87c2-a90b-16bcdb9e2749@arm.com> From: "Kun Qin" In-Reply-To: <2c8316c4-2e12-87c2-a90b-16bcdb9e2749@arm.com> Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Pierre/Sami, Thanks for the information. I tried the patch set you referred, it seems to have resolved the zero GUID handling issue! So I am okay to drop the commit here: https://edk2.groups.io/g/devel/message/106484 I also have a few questions on the patch set beyond functionality, we can discuss it there. However, this specific patch is still needed to fix the access violation issue (thanks for the reviewed-by tag, Sami): https://edk2.groups.io/g/devel/message/106485 I can send a v2 to reflect the feedback above. Thanks, Kun On 6/28/2023 11:43 PM, Pierre Gondois wrote: > Hello Kun, > > Thanks for the patch-set, there is another patch-set that also aims to > fix the logic at: > https://edk2.groups.io/g/devel/message/104341 > > but I haven't got feedback so far. Would it be possible to try it out > to see if > it also solves your issue ? > > Regards, > Pierre > > On 6/28/23 22:33, Kun Qin wrote: >> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4491 >> >> On an ARM system that does not support firmware TRNG, the current logic >> from RngDxe will cause the system to assert at the below line: >> `ASSERT (Index != mAvailableAlgoArrayCount);` >> >> The reason seems to be: >> 1. When initializing the number of `mAvailableAlgoArrayCount`, the logic >> will only treat the zero guid of "PcdCpuRngSupportedAlgorithm" as a >> warning and still increment the counter because "RngGetBytes" might >> still >> succeed: >> https://github.com/tianocore/edk2/blob/1a39bdf2c53858ebb39e6de1362203c65c163c63/SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c#L51C3-L51C3. >> >> 2. This will cause the main entry to publish the RNG protocol and accept >> further usage. >> 3. However, during usage, the zero guid is always filtered out: >> https://github.com/tianocore/edk2/blob/1a39bdf2c53858ebb39e6de1362203c65c163c63/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c#L91. >> >> Thus, this will cause the system to always not able to find the >> algorithm >> and fail the boot with an assert. >> >> The suggestion is to at least make the logic of initializing >> "mAvailableAlgoArrayCount" consistent and filtering algorithm >> consistent. >> >> In addition, the usage of `mAvailableAlgoArray` will always trigger a >> data abortion error, which is caused by buffer allocated is >> `RNG_AVAILABLE_ALGO_MAX` number of bytes, which should be >> `RNG_AVAILABLE_ALGO_MAX` nubmer of EFI_RNG_ALGORITHM. >> >> This patch fixed the 2 issues above. The change is verified on QEMU >> virtual platform and proprietary physical platform. >> >> Patch v1 branch: https://github.com/kuqin12/edk2/tree/fix_rng_edk2_v1 >> >> Cc: Jiewen Yao >> Cc: Jian J Wang >> Cc: Sami Mujawar >> Cc: Pierre Gondois >> >> Kun Qin (2): >>    SecurityPkg: RngDxe: Unify handling of zero guid >>    SecurityPkg: RngDxe: Fixing mAvailableAlgoArray allocator >> >>   SecurityPkg/RandomNumberGenerator/RngDxe/AArch64/AArch64Algo.c | 9 >> +++++---- >>   SecurityPkg/RandomNumberGenerator/RngDxe/Arm/ArmAlgo.c | 2 +- >>   2 files changed, 6 insertions(+), 5 deletions(-) >>