From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga05.intel.com (mga05.intel.com [192.55.52.43])
 by mx.groups.io with SMTP id smtpd.web08.1282.1645055895105851797
 for <devel@edk2.groups.io>;
 Wed, 16 Feb 2022 15:58:15 -0800
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=b/2JaAR1;
 spf=pass (domain: intel.com, ip: 192.55.52.43, mailfrom: guo.dong@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1645055895; x=1676591895;
  h=from:to:cc:subject:date:message-id:references:
   in-reply-to:content-transfer-encoding:mime-version;
  bh=mCyOoeUdtrfiVc5XUXZqwNaUIbMfe8kSERB8YUNZgik=;
  b=b/2JaAR11jTbgs4rTMaO+7oGY2xDXnMbrburvLP3hwhVBr+apiEqrSU6
   DSfzS6LJDUmJ6VMnRzAyoX0ytL9HBefEi0eR+PqorTMnhkDxDcnec+gOK
   b5Y9cf0wWQeMgSJ3Q2gA0MIfOlZ9czWHKWmtVF53fuN6jRyzMDcnD0+dB
   gt81fhm0fu1PA1GMoZ+QebF86knr0UNtvNsKNAZewIdoEpkvIBGONCK2s
   7rAv6IwEMZ44+X/VC5IRY7jR+t6wAEk4KcB3FjK8qSL7gJFY+fOwdKaQV
   9xguBtF6Z7KB1miO7j5eu7p2yZrqSqwGt2ZCLOg4ezT+Z1IY86+kV7BfV
   A==;
X-IronPort-AV: E=McAfee;i="6200,9189,10260"; a="337194326"
X-IronPort-AV: E=Sophos;i="5.88,374,1635231600"; 
   d="scan'208";a="337194326"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Feb 2022 15:58:14 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.88,374,1635231600"; 
   d="scan'208";a="529795164"
Received: from fmsmsx602.amr.corp.intel.com ([10.18.126.82])
  by orsmga007.jf.intel.com with ESMTP; 16 Feb 2022 15:58:13 -0800
Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.20; Wed, 16 Feb 2022 15:58:13 -0800
Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2308.20 via Frontend Transport; Wed, 16 Feb 2022 15:58:13 -0800
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.45) by
 edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2308.20; Wed, 16 Feb 2022 15:58:12 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=EJurlDua4n2PY0synWY69Yl0ygQnhdvGvn0dMOdwJTlx40GiF98AGU5J2ZRRZCicYSraZJ/fAA8vEZCWsz9SSvaE8GhEUOdiRrIjGuMA7UbwRYNMDKrs4XJNH7vsAltdfd4t8g+lzN4W22S6w4uaVj9aLlAvT6b3u4D0aVOvIVIsBfnrKKtXe14uW1h75Wnt0pYRqUP4mDLgFY7oHxtBj69RYu1eQvLoZadHuOzqVqa/cgRNoQyzdeJJgsBzwbVitb26RocifAm6xN9V8KJEC9r0bCe1TzsntiSSidmtUHqoq3uhkCNrTFl1fQNS9CgOO2wqaaIqEM1WnkhKAEyGeA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=x0Fq48TLSYK4HnI0BLuo18tNfYooRMcI66qyZuVBx6g=;
 b=j8/lfgqYH/l+VAWgUDxsq+LwiEusHq8d1qejhnZijmLJsZnJY/fESouRVnzvZuAKOgOgtDuc0NO8RCxMGWa+w7uAj2SaycaKki3ogXKLopKgrDIHR9hnDlQa4T1uksTEasKjpLD9V59wUGZNciPoG1hHbFN/wgz+w5Ekm5xIOIRqcD5lIox6ZpNkcoGM9hFafYGoEUzGzQ6NRynN2DVsDXc1ckLCCi9R4vuS0Ph5hbLMFKtn1jSvFrN9wTKHGvt/4Ou8U1q989n/O9KM00UEjHXd1BCMDQPh45QSgA2x78EghjS74SvyVBwmzh2kITO4W6ogI0y7+gdHNEGfXLdRWw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from BYAPR11MB3622.namprd11.prod.outlook.com (2603:10b6:a03:fe::30)
 by MWHPR11MB1984.namprd11.prod.outlook.com (2603:10b6:300:110::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4995.16; Wed, 16 Feb
 2022 23:57:57 +0000
Received: from BYAPR11MB3622.namprd11.prod.outlook.com
 ([fe80::c461:5de1:9cf:23cf]) by BYAPR11MB3622.namprd11.prod.outlook.com
 ([fe80::c461:5de1:9cf:23cf%7]) with mapi id 15.20.4975.019; Wed, 16 Feb 2022
 23:57:57 +0000
From: "Guo Dong" <guo.dong@intel.com>
To: "Rhodes, Sean" <sean@starlabs.systems>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: Patrick Rudolph <patrick.rudolph@9elements.com>
Subject: Re: [PATCH 14/18] UefiPayloadPkg: Add RNG support
Thread-Topic: [PATCH 14/18] UefiPayloadPkg: Add RNG support
Thread-Index: AQHYHsULm9Z6k1HRdUaIsdcruIoP/6yW47uQ
Date: Wed, 16 Feb 2022 23:57:57 +0000
Message-ID: <BYAPR11MB3622D01F5175FF8B2039C0869E359@BYAPR11MB3622.namprd11.prod.outlook.com>
References: <df21ef7edddfef8074ba94514bf73d7a5d0d6046.1644527848.git.sean@starlabs.systems>
 <ed17ddb5ea99c1dd72c2ac5bc567fb2e01b9fdfc.1644527848.git.sean@starlabs.systems>
In-Reply-To: <ed17ddb5ea99c1dd72c2ac5bc567fb2e01b9fdfc.1644527848.git.sean@starlabs.systems>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.6.200.16
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a35b7bb1-5ae6-4700-94a5-08d9f1a827be
x-ms-traffictypediagnostic: MWHPR11MB1984:EE_
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-microsoft-antispam-prvs: <MWHPR11MB1984DE16C63996CBB90F938D9E359@MWHPR11MB1984.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: xt+4HJZNSUT2FzHXNUyTvtSE2YXTTyPciILLZTwjbVrJgQ6itQS/HO3sm9upLz8YkuvPX2bLhsF10654i7CorjeIgt6Cb1l+N86oDS79rGuYtNCH94ONa8lisgrR6QrLUKgGGUYMXg4fFtisRABkrPRPlRsyNrbP6MnohJ2wBvRKyiHKvXgg1x8TwJwYbR8hqOcf9nd8P1YqkMDVIp+v0YHj5bsRjijPhh5qNrJewJbtOiMMzR3YKzmwYbkIDKB5IamtGNeXPp4v0ABvP+42vBrD/V9ZELZAMoTt2pqKgy+jGY9II35SMViOrBQEoZAXXggBiO5OC/lH5j6gvOEP0rhE9an0pqyVst4gbSjx4jhs7bvb99/bgl2JM/qgn2jXuw9V2d8ZlMGEApEafYIK/JHkMwE7Gg3gf8LmP+Ks5r0sLa/tJO6rsprnL5jMSIAdT4LufSAOLbYF31S+FQioJVbafS/zezWKe7SpfWshZS3YkZ3o6HCPDYCCSEps6lHDIvX+xI+cXg1nGCpnkSnNerbdLisLlEUPxSQ7iaLwBb63Zo3p4AgW6yWWBnnbV2AsDuiTrZ4arAsTGc5uKWCy1hpFakge+j19mxQouDZzxJl36K5Z/ud6fLtRoOv6fxGddGk7XeeA9BqihW8zv0aksKLhilIp6kXzMvsM4pyULB+Du/cjGVXc342vvC9Bf7UUzUfEyKJTRdFq9KIKt12cbg==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BYAPR11MB3622.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(86362001)(5660300002)(508600001)(122000001)(66946007)(66476007)(53546011)(26005)(186003)(82960400001)(52536014)(83380400001)(8936002)(316002)(38100700002)(4326008)(8676002)(33656002)(64756008)(9686003)(71200400001)(6506007)(66556008)(38070700005)(76116006)(66446008)(2906002)(55016003)(7696005)(110136005);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?kS605diw/Gr42VWCDtuhD2DBvL5UT2duudOxntfwHWRjUWl0ZhL+1NyvqnS5?=
 =?us-ascii?Q?Hv4tf40+RPydjV5QAGBJPSYcJj0iK7c6PXtrJ+QsvvH2fE2ppInEVyG9wmN8?=
 =?us-ascii?Q?kIAmGtCpRbo/hezbYDHMtPbo8KJjhXHHqXACnxqF/oFPpDmneSnXeBwzsL01?=
 =?us-ascii?Q?JO/KPZKDxddxa+dRH8oNdQIAtp7WRoAZ2ID7tvX7Xs3A8ghxrS3b6gfSLDPl?=
 =?us-ascii?Q?cGtCh3PDu4YVJxvFaoEmzj2D+UftiAo0XeKOVmbHa7RwPkgGPFOUYaPknspw?=
 =?us-ascii?Q?7mEWmCHJwpnikEGEHLGsO7LRkdccmJ52sy3doaPmzk95aLlb7YiBQir3LXI2?=
 =?us-ascii?Q?CXTt7vQiDd21uNU7lJ3k2H1vM0AygyFtmbCG6C2pva2ozKYDxL7niLtR86s4?=
 =?us-ascii?Q?vyA5W3do21So3cdrQWLZN9RAU7CJiyvt/UKsVFiTBM5rpvp3vvX8NmlabbFl?=
 =?us-ascii?Q?w0NKo9AbeIUgvXSTktuwam92otUZwYDC1xBGRU5ELi5T9BSN96q6mmvOts2g?=
 =?us-ascii?Q?azjI6TEhn85MhcdvPuyqQ//xqotvbECsrFEwrSJRz2OPZ4H+N7vVe/xcJjBW?=
 =?us-ascii?Q?8gpQGa/shX09ntbZg44TpGAs76an6yKnCwJSW3EBzyF2aGHnS1raGP7eUJN1?=
 =?us-ascii?Q?MA+Ww1fcaXEs6hPwUaoK3d0tBwA/H8ERqeZe8EiOswtW3DVkGDNdWrLe7Zxe?=
 =?us-ascii?Q?I684VZEUbStpPhMciL/hj2dG3oeJKkZt3tjtl1g0sPr7BRR9YtRlZfGmKAaG?=
 =?us-ascii?Q?4cDwa2JIsMQJyyuPdkKRmwXPznb8cS0I5gv7OwezoHuHRy1vvLOPVX7F9cTn?=
 =?us-ascii?Q?F402f36g4GKq4piapg/P2vaN4ScZWnw4ZQFd0q2keu31Itw5kBpRtbA0AUMD?=
 =?us-ascii?Q?XCTc2uvEBmdmKIcU5ZRfeR6QfJnJGr4EgD1YqVx23s23JdgctRa+mSyrqmWB?=
 =?us-ascii?Q?cwSPaLf0MTIjfrjrV//VOOKAziQPRVaEOyFPr9LNiHGGBSwhZC9rsc3/NfBN?=
 =?us-ascii?Q?DG/jQjzF9gN551Co2ElTMUco5XrUe/Ilc2R+ayx8zssdntF5LZyuYEP/9+aP?=
 =?us-ascii?Q?gKXOnHb177OGsG5aA/nFwme8dQdr/YSdCzJoujx3KvUQUaiz2A/xOsTufiDH?=
 =?us-ascii?Q?X+kJZUiGKL3BbCiCfvcuPpxxOLCFP5T2/Dfc0Ts7KW7i2GIDL2+Py0JHvmp7?=
 =?us-ascii?Q?cEwrlcAdFNNRs/vv7WroReMw/8DSeqiZAUCLH3iFb7jf05x67Q4p/rDEYGFq?=
 =?us-ascii?Q?bC5da4A3z9TBjIv2YN2ObvG6YX3zSikakf7I3xFnm6ldK/frBbDQVlLFeNpQ?=
 =?us-ascii?Q?BiXOmNZoEUKEhHQ6l8X2CYpYUwvruGAjY301r/wPU8GwzqkWMuZRbW4Vamb9?=
 =?us-ascii?Q?TgnHU87dhBQVq6CcVsh3Jk1GBedMS90QLiUNYm4jLr9b51/i2yfttB4LYORp?=
 =?us-ascii?Q?fFdZ+i/4kszU7SuvWXKUg73KrBID/tWprJRflfT65aLxEXehLtnRh1wg99Hr?=
 =?us-ascii?Q?C5CPUx+WZHbQbaDygiVLUZDWXM2MykDnK4FTdKub7ONO22afJikNNPYru7Nz?=
 =?us-ascii?Q?uet79h25AaKISflw50CB25L8JTHAJygPvI56E/DfEfPiKUoE4Zp4ubflYHmN?=
 =?us-ascii?Q?j2UylgufIobqc/qUuIc3W6g=3D?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3622.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a35b7bb1-5ae6-4700-94a5-08d9f1a827be
X-MS-Exchange-CrossTenant-originalarrivaltime: 16 Feb 2022 23:57:57.2143
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2k+OMMkqMXyr6J+XS1YF3LpSalDTeNCV06pT937fM8d/pui15VYsxm8wx+US0AAETREFSFaHCIQWFhmv+2TVDQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1984
Return-Path: guo.dong@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


should we put BaseRngLib into SecurityPkg so that it could be used by other=
 platforms?

Thanks,
Guo

-----Original Message-----
From: Sean Rhodes <sean@starlabs.systems>=20
Sent: Thursday, February 10, 2022 2:28 PM
To: devel@edk2.groups.io
Cc: Dong, Guo <guo.dong@intel.com>; Patrick Rudolph <patrick.rudolph@9eleme=
nts.com>
Subject: [PATCH 14/18] UefiPayloadPkg: Add RNG support

From: Patrick Rudolph <patrick.rudolph@9elements.com>

Uses the RDRAND instruction if available and install EfiRngProtocol.
The protocol may be used by iPXE or the Linux kernel to gather entropy.

Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
---
 UefiPayloadPkg/Library/BaseRngLib/BaseRng.c   | 199 ++++++++++++++++++
 .../Library/BaseRngLib/BaseRngLib.inf         |  32 +++
 .../Library/BaseRngLib/BaseRngLib.uni         |  17 ++
 UefiPayloadPkg/UefiPayloadPkg.dsc             |   8 +
 UefiPayloadPkg/UefiPayloadPkg.fdf             |   4 +
 5 files changed, 260 insertions(+)
 create mode 100644 UefiPayloadPkg/Library/BaseRngLib/BaseRng.c
 create mode 100644 UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf
 create mode 100644 UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.uni

diff --git a/UefiPayloadPkg/Library/BaseRngLib/BaseRng.c b/UefiPayloadPkg/L=
ibrary/BaseRngLib/BaseRng.c
new file mode 100644
index 0000000000..c21e713cb0
--- /dev/null
+++ b/UefiPayloadPkg/Library/BaseRngLib/BaseRng.c
@@ -0,0 +1,199 @@
+/** @file

+  Random number generator services that uses RdRand instruction access

+  to provide high-quality random numbers.

+

+Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+SPDX-License-Identifier: BSD-2-Clause-Patent

+

+**/

+

+#include <Library/BaseLib.h>

+#include <Library/DebugLib.h>

+#include <Register/Intel/Cpuid.h>

+

+STATIC BOOLEAN  mHasRdRand;

+

+//

+// Bit mask used to determine if RdRand instruction is supported.

+//

+#define RDRAND_MASK  BIT30

+

+//

+// Limited retry number when valid random data is returned.

+// Uses the recommended value defined in Section 7.3.17 of "Intel 64 and I=
A-32

+// Architectures Software Developer's Mannual".

+//

+#define RDRAND_RETRY_LIMIT  10

+

+/**

+  The constructor function checks whether or not RDRAND instruction is sup=
ported

+  by the host hardware.

+

+  The constructor function checks whether or not RDRAND instruction is sup=
ported.

+  It will always return RETURN_SUCCESS.

+

+  @retval RETURN_SUCCESS   The constructor always returns EFI_SUCCESS.

+

+**/

+RETURN_STATUS

+EFIAPI

+BaseRngLibConstructor (

+  VOID

+  )

+{

+  UINT32  RegEax;

+  UINT32  RegEcx;

+

+  AsmCpuid (CPUID_SIGNATURE, &RegEax, NULL, NULL, NULL);

+  if (RegEax < 1) {

+    mHasRdRand =3D FALSE;

+    return RETURN_SUCCESS;

+  }

+

+  //

+  // Determine RDRAND support by examining bit 30 of the ECX register retu=
rned by

+  // CPUID. A value of 1 indicates that processor support RDRAND instructi=
on.

+  //

+  AsmCpuid (CPUID_VERSION_INFO, 0, 0, &RegEcx, 0);

+

+  mHasRdRand =3D ((RegEcx & RDRAND_MASK) =3D=3D RDRAND_MASK);

+

+  return RETURN_SUCCESS;

+}

+

+/**

+  Generates a 16-bit random number.

+

+  if Rand is NULL, then ASSERT().

+

+  @param[out] Rand     Buffer pointer to store the 16-bit random value.

+

+  @retval TRUE         Random number generated successfully.

+  @retval FALSE        Failed to generate the random number.

+

+**/

+BOOLEAN

+EFIAPI

+GetRandomNumber16 (

+  OUT     UINT16  *Rand

+  )

+{

+  UINT32  Index;

+

+  ASSERT (Rand !=3D NULL);

+

+  if (mHasRdRand) {

+    //

+    // A loop to fetch a 16 bit random value with a retry count limit.

+    //

+    for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) {

+      if (AsmRdRand16 (Rand)) {

+        return TRUE;

+      }

+    }

+  }

+

+  return FALSE;

+}

+

+/**

+  Generates a 32-bit random number.

+

+  if Rand is NULL, then ASSERT().

+

+  @param[out] Rand     Buffer pointer to store the 32-bit random value.

+

+  @retval TRUE         Random number generated successfully.

+  @retval FALSE        Failed to generate the random number.

+

+**/

+BOOLEAN

+EFIAPI

+GetRandomNumber32 (

+  OUT     UINT32  *Rand

+  )

+{

+  UINT32  Index;

+

+  ASSERT (Rand !=3D NULL);

+

+  if (mHasRdRand) {

+    //

+    // A loop to fetch a 32 bit random value with a retry count limit.

+    //

+    for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) {

+      if (AsmRdRand32 (Rand)) {

+        return TRUE;

+      }

+    }

+  }

+

+  return FALSE;

+}

+

+/**

+  Generates a 64-bit random number.

+

+  if Rand is NULL, then ASSERT().

+

+  @param[out] Rand     Buffer pointer to store the 64-bit random value.

+

+  @retval TRUE         Random number generated successfully.

+  @retval FALSE        Failed to generate the random number.

+

+**/

+BOOLEAN

+EFIAPI

+GetRandomNumber64 (

+  OUT     UINT64  *Rand

+  )

+{

+  UINT32  Index;

+

+  ASSERT (Rand !=3D NULL);

+

+  if (mHasRdRand) {

+    //

+    // A loop to fetch a 64 bit random value with a retry count limit.

+    //

+    for (Index =3D 0; Index < RDRAND_RETRY_LIMIT; Index++) {

+      if (AsmRdRand64 (Rand)) {

+        return TRUE;

+      }

+    }

+  }

+

+  return FALSE;

+}

+

+/**

+  Generates a 128-bit random number.

+

+  if Rand is NULL, then ASSERT().

+

+  @param[out] Rand     Buffer pointer to store the 128-bit random value.

+

+  @retval TRUE         Random number generated successfully.

+  @retval FALSE        Failed to generate the random number.

+

+**/

+BOOLEAN

+EFIAPI

+GetRandomNumber128 (

+  OUT     UINT64  *Rand

+  )

+{

+  ASSERT (Rand !=3D NULL);

+

+  //

+  // Read first 64 bits

+  //

+  if (!GetRandomNumber64 (Rand)) {

+    return FALSE;

+  }

+

+  //

+  // Read second 64 bits

+  //

+  return GetRandomNumber64 (++Rand);

+}

diff --git a/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf b/UefiPayload=
Pkg/Library/BaseRngLib/BaseRngLib.inf
new file mode 100644
index 0000000000..67a91ccfff
--- /dev/null
+++ b/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf
@@ -0,0 +1,32 @@
+## @file

+#  Instance of RNG (Random Number Generator) Library.

+#

+#  Copyright (c) 2020 9elements Agency GmbH.<BR>

+#

+#  SPDX-License-Identifier: BSD-2-Clause-Patent

+#

+##

+

+[Defines]

+  INF_VERSION                    =3D 0x00010005

+  BASE_NAME                      =3D BaseRngLib

+  MODULE_UNI_FILE                =3D BaseRngLib.uni

+  FILE_GUID                      =3D 05C48431-DE18-4550-931A-3350E8551498

+  MODULE_TYPE                    =3D BASE

+  VERSION_STRING                 =3D 1.0

+  LIBRARY_CLASS                  =3D RngLib

+  CONSTRUCTOR                    =3D BaseRngLibConstructor

+

+#

+#  VALID_ARCHITECTURES           =3D IA32 X64

+#

+

+[Sources.Ia32, Sources.X64]

+  BaseRng.c

+

+[Packages]

+  MdePkg/MdePkg.dec

+

+[LibraryClasses]

+  BaseLib

+  DebugLib

diff --git a/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.uni b/UefiPayload=
Pkg/Library/BaseRngLib/BaseRngLib.uni
new file mode 100644
index 0000000000..f3ed954c52
--- /dev/null
+++ b/UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.uni
@@ -0,0 +1,17 @@
+// /** @file

+// Instance of RNG (Random Number Generator) Library.

+//

+// BaseRng Library that uses CPU RdRand instruction access to provide

+// high-quality random numbers.

+//

+// Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>

+//

+// SPDX-License-Identifier: BSD-2-Clause-Patent

+//

+// **/

+

+

+#string STR_MODULE_ABSTRACT             #language en-US "Instance of RNG L=
ibrary"

+

+#string STR_MODULE_DESCRIPTION          #language en-US "BaseRng Library t=
hat uses CPU RdRand instruction access to provide high-quality random numbe=
rs"

+

diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload=
Pkg.dsc
index 7b57310dfd..c8562d592b 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
@@ -723,6 +723,14 @@
   MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf

 !endif

=20

+  #

+  # Random Number Generator

+  #

+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {

+      <LibraryClasses>

+      RngLib|UefiPayloadPkg/Library/BaseRngLib/BaseRngLib.inf

+  }

+

   #------------------------------

   #  Build the shell

   #------------------------------

diff --git a/UefiPayloadPkg/UefiPayloadPkg.fdf b/UefiPayloadPkg/UefiPayload=
Pkg.fdf
index a71d655687..3462eded64 100644
--- a/UefiPayloadPkg/UefiPayloadPkg.fdf
+++ b/UefiPayloadPkg/UefiPayloadPkg.fdf
@@ -232,6 +232,10 @@ INF MdeModulePkg/Bus/Usb/UsbMouseDxe/UsbMouseDxe.inf
 #

 INF  MdeModulePkg/Universal/Acpi/AcpiTableDxe/AcpiTableDxe.inf

=20

+# Random Number Generator

+#

+INF SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf

+

 #

 # UEFI network modules

 #

--=20
2.32.0