From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <qin.long@intel.com>
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 822991A1DFC
 for <edk2-devel@lists.01.org>; Sat, 17 Sep 2016 09:46:34 -0700 (PDT)
Received: from orsmga003.jf.intel.com ([10.7.209.27])
 by fmsmga105.fm.intel.com with ESMTP; 17 Sep 2016 09:46:34 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.30,351,1470726000"; d="scan'208";a="880562151"
Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206])
 by orsmga003.jf.intel.com with ESMTP; 17 Sep 2016 09:46:34 -0700
Received: from fmsmsx112.amr.corp.intel.com (10.18.116.6) by
 FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Sat, 17 Sep 2016 09:46:33 -0700
Received: from shsmsx104.ccr.corp.intel.com (10.239.4.70) by
 FMSMSX112.amr.corp.intel.com (10.18.116.6) with Microsoft SMTP Server (TLS)
 id 14.3.248.2; Sat, 17 Sep 2016 09:46:33 -0700
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.209]) by
 SHSMSX104.ccr.corp.intel.com ([169.254.5.174]) with mapi id 14.03.0248.002;
 Sun, 18 Sep 2016 00:46:31 +0800
From: "Long, Qin" <qin.long@intel.com>
To: Ard Biesheuvel <ard.biesheuvel@linaro.org>, "Palmer, Thomas"
 <thomas.palmer@hpe.com>
CC: "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>, "Gibbons, Pat"
 <pat.gibbons@hpe.com>
Thread-Topic: [edk2] RNG algo question
Thread-Index: AdIQYfLEVWGnMRQLSv28250nPBbJRwADsHcAACPI0BA=
Date: Sat, 17 Sep 2016 16:46:31 +0000
Message-ID: <BF2CCE9263284D428840004653A28B6E515245B7@SHSMSX103.ccr.corp.intel.com>
References: <CS1PR84MB0151756212B19885B1E53887EDF30@CS1PR84MB0151.NAMPRD84.PROD.OUTLOOK.COM>
 <CAKv+Gu8_d6si7V2GsrLDdxXwK40D=nhTeCpGsiC+d9R_B1OVYw@mail.gmail.com>
In-Reply-To: <CAKv+Gu8_d6si7V2GsrLDdxXwK40D=nhTeCpGsiC+d9R_B1OVYw@mail.gmail.com>
Accept-Language: zh-CN, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: RNG algo question
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Sep 2016 16:46:34 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Exactly. Thanks, Ard.

gEfiRngAlgorithmRaw is designed to provide entropy directly (defined in UEF=
I spec), which is intended to use the DRNG to seed in an ongoing manner som=
e current software PRNG. Though RDRAND is quite usable as a source of rando=
m values. For standards compliance, some may feel it necessary to demand an=
 absolute guarantee that values returned by RDRAND reflect independent entr=
opy samples within the DRNG. One choice is to use RdSeed instruction direct=
ly. The current implementation leverage the reseeding guarantee of the DRBG=
 to generate random seeds from values obtained via RDRAND (for the processo=
r that do not support the RDSEED).
For gEfiRngAlgorithmSp80090Ctr256Guid, the current RdRand output is already=
 compliant with NIST SP800-90C standards.

More information can be referred from https://software.intel.com/en-us/arti=
cles/intel-digital-random-number-generator-drng-software-implementation-gui=
de


Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ard =
Biesheuvel
Sent: Saturday, September 17, 2016 3:19 PM
To: Palmer, Thomas <thomas.palmer@hpe.com>
Cc: edk2-devel@lists.01.org; Gibbons, Pat <pat.gibbons@hpe.com>
Subject: Re: [edk2] RNG algo question

On 16 September 2016 at 22:33, Palmer, Thomas <thomas.palmer@hpe.com> wrote=
:
>
> EDK2 community
>
> Why is the RngGetRNG  sending requests for "gEfiRngAlgorithmRaw"  to "RdR=
andGenerateEntropy",  which does AES operations on RDRAND output, whereas t=
he requests for "gEfiRngAlgorithmSp80090Ctr256Guid" get sent to RdRandGetBy=
tes which simply reads the rdrand source without modification.
>
> Shouldn't the processing be switched, so that "Raw" goes to RdRandGetByte=
s and "gEfiRngAlgorithmSp80090Ctr256Guid" goes to RdRandGenerateEntropy?  I=
 did not see anything in the UEFI 2.5 spec indicating why this was the case=
.
>

The RDRAND instruction does not give you raw entropy, but the output of a D=
RBG. So the 'raw' entropy is being emulated by taking multiple rounds of RD=
RAND output and shuffling it around to make it 'raw'

>>From the top of RngDxe.c:

  RNG Algoritnms defined in UEFI 2.4:
   - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
     (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
   - EFI_RNG_ALGORITHM_RAW                    - Supported
     (Structuring RDRAND invocation can be guaranteed as high-quality entro=
py source) _______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel