From: "Long, Qin"
To: Ard Biesheuvel, "Palmer, Thomas"
CC: edk2-devel@lists.01.org, "Gibbons, Pat"
Date: Sat, 17 Sep 2016 16:46:31 +0000
Subject: Re: [edk2] RNG algo question
List-Id: EDK II Development

Exactly. Thanks, Ard.
gEfiRngAlgorithmRaw is designed to provide entropy directly (defined in the UEFI spec), which is intended to use the DRNG to seed some current software PRNG in an ongoing manner. Though RDRAND is quite usable as a source of random values, for standards compliance some may feel it necessary to demand an absolute guarantee that values returned by RDRAND reflect independent entropy samples within the DRNG. One choice is to use the RDSEED instruction directly. The current implementation leverages the reseeding guarantee of the DRBG to generate random seeds from values obtained via RDRAND (for processors that do not support RDSEED).

For gEfiRngAlgorithmSp80090Ctr256Guid, the current RdRand output is already compliant with the NIST SP800-90C standard.

More information can be found at https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide

Best Regards & Thanks,
LONG, Qin

-----Original Message-----
From: edk2-devel [mailto:edk2-devel-bounces@lists.01.org] On Behalf Of Ard Biesheuvel
Sent: Saturday, September 17, 2016 3:19 PM
To: Palmer, Thomas
Cc: edk2-devel@lists.01.org; Gibbons, Pat
Subject: Re: [edk2] RNG algo question

On 16 September 2016 at 22:33, Palmer, Thomas wrote:
>
> EDK2 community
>
> Why is RngGetRNG sending requests for "gEfiRngAlgorithmRaw" to "RdRandGenerateEntropy", which does AES operations on RDRAND output, whereas the requests for "gEfiRngAlgorithmSp80090Ctr256Guid" get sent to RdRandGetBytes, which simply reads the rdrand source without modification?
>
> Shouldn't the processing be switched, so that "Raw" goes to RdRandGetBytes and "gEfiRngAlgorithmSp80090Ctr256Guid" goes to RdRandGenerateEntropy? I did not see anything in the UEFI 2.5 spec indicating why this was the case.
>

The RDRAND instruction does not give you raw entropy, but the output of a DRBG. So the 'raw' entropy is being emulated by taking multiple rounds of RDRAND output and shuffling it around to make it 'raw'.

From the top of RngDxe.c:

  RNG Algorithms defined in UEFI 2.4:
    - EFI_RNG_ALGORITHM_SP800_90_CTR_256_GUID  - Supported
      (RDRAND implements a hardware NIST SP800-90 AES-CTR-256 based DRBG)
    - EFI_RNG_ALGORITHM_RAW                    - Supported
      (Structuring RDRAND invocation can be guaranteed as high-quality entropy source)

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
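The two code paths the thread describes (Raw conditioned from a run of RDRAND output long enough to span a hardware reseed; the SP800-90 CTR_256 GUID returned as the DRBG emits it), written out as an added example. This is not edk2's RngDxe code: the DRNG is a pluggable Python callable so the block runs without RDRAND, the conditioning step uses SHA-256 where edk2's RdRandGenerateEntropy uses AES, the 1024-sample window is this example's assumption (64-bit reads against the at-most-511 128-bit outputs between reseeds stated in the Intel DRNG guide linked above), and the counter-based source is a constructed stand-in for the instruction.

```python
"""Model of the two RNG algorithm paths discussed in the thread.

Added example, not edk2 code.  The DRNG is a pluggable callable so the
block runs without RDRAND; the conditioning step for "Raw" uses SHA-256
where edk2's RdRandGenerateEntropy uses AES (assumption made so the block
runs with the standard library only).
"""
import hashlib
from typing import Callable, Optional

ALG_RAW = "gEfiRngAlgorithmRaw"
ALG_SP800_90_CTR_256 = "gEfiRngAlgorithmSp80090Ctr256Guid"

# Width of one RDRAND read in bytes (64-bit operand form).
SAMPLE_BYTES = 8
# Consecutive reads to pull so that the hardware DRBG is guaranteed to have
# reseeded at least once inside the window.  Intel's DRNG guide puts the
# reseed interval at no more than 511 128-bit outputs; 1024 64-bit reads
# cover that (figure assumed from the guide, not taken from edk2).
RESEED_WINDOW_SAMPLES = 1024
# Bounded retries when the DRNG reports "no data" (RDRAND with CF=0).
RETRY_LIMIT = 10

# A source returns SAMPLE_BYTES bytes, or None to model RDRAND clearing CF.
DrngSource = Callable[[], Optional[bytes]]


class DrngUnavailable(RuntimeError):
    """Raised when the DRNG keeps failing; callers must not fall back silently."""


def read_sample(source: DrngSource) -> bytes:
    """One RdRandGetBytes-style read with the CF check and bounded retry."""
    for _ in range(RETRY_LIMIT):
        sample = source()
        if sample is not None:
            if len(sample) != SAMPLE_BYTES:
                raise ValueError("source returned %d bytes" % len(sample))
            return sample
    raise DrngUnavailable("no DRNG output after %d attempts" % RETRY_LIMIT)


def get_drbg_bytes(length: int, source: DrngSource) -> bytes:
    """SP800-90 CTR_256 path: the DRBG output is handed back unmodified."""
    out = bytearray()
    while len(out) < length:
        out += read_sample(source)
    return bytes(out[:length])


def get_raw_entropy(length: int, source: DrngSource) -> bytes:
    """Raw path: a reseed-spanning run of DRBG output is conditioned into
    32 bytes at a time, so every output block depends on fresh hardware
    entropy rather than on a single DRBG state."""
    out = bytearray()
    while len(out) < length:
        window = b"".join(read_sample(source) for _ in range(RESEED_WINDOW_SAMPLES))
        out += hashlib.sha256(window).digest()
    return bytes(out[:length])


def rng_get(algorithm: str, length: int, source: DrngSource) -> bytes:
    """Dispatch as the thread describes: Raw is the expensive conditioned
    path, the SP800-90 GUID is the direct DRBG read."""
    if length <= 0:
        raise ValueError("length must be positive")
    if algorithm == ALG_RAW:
        return get_raw_entropy(length, source)
    if algorithm == ALG_SP800_90_CTR_256:
        return get_drbg_bytes(length, source)
    raise ValueError("unsupported RNG algorithm: %s" % algorithm)


def make_counter_source(fail_every: int = 0) -> DrngSource:
    """Constructed, deterministic stand-in for RDRAND, used only so the
    example is reproducible; every fail_every-th call reports no data."""
    state = {"next": 0, "calls": 0}

    def source() -> Optional[bytes]:
        state["calls"] += 1
        if fail_every and state["calls"] % fail_every == 0:
            return None  # models RDRAND returning with CF=0
        value = state["next"]
        state["next"] += 1
        return value.to_bytes(SAMPLE_BYTES, "little")

    return source


if __name__ == "__main__":
    print(rng_get(ALG_SP800_90_CTR_256, 16, make_counter_source(fail_every=3)).hex())
    print(rng_get(ALG_RAW, 32, make_counter_source()).hex())
```

The cost asymmetry is the point Thomas's question turned on: one 32-byte Raw block consumes RESEED_WINDOW_SAMPLES reads, while the SP800-90 path consumes exactly as many reads as bytes requested, which is why the expensive conditioning sits behind the Raw GUID and not the other way round.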