From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-ed1-f50.google.com (mail-ed1-f50.google.com [209.85.208.50])
 by mx.groups.io with SMTP id smtpd.web10.6598.1682512394292755077
 for <devel@edk2.groups.io>;
 Wed, 26 Apr 2023 05:33:15 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="signature has expired" header.i=@starlabs-systems.20221208.gappssmtp.com header.s=20221208 header.b=sfPfVzgi;
 spf=pass (domain: starlabs.systems, ip: 209.85.208.50, mailfrom: sean@starlabs.systems)
Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-506b8c6bc07so11874544a12.2
        for <devel@edk2.groups.io>; Wed, 26 Apr 2023 05:33:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=starlabs-systems.20221208.gappssmtp.com; s=20221208; t=1682512392; x=1685104392;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=qg6IqlKWhlN7xYKjSyUiPBuiNW3M36VwkW+Ypq79f2s=;
        b=sfPfVzgi44msMvB/WMBxjf7ujN5rMIEDqD4sBMHxKi/tDU+Cwq+FcKnscxVADKqiW2
         r3rHF5KOqP3+zv4cPfn4RZvrWwpm9QTFzJihcyDOhXu46/XgJIqvLRUtXd8jw9oLZGRE
         8LWY4d6N++yODe+h0E1jHGn+UUeKj05i3GxQwfbQymvT3rbyaQduzIPlPCgMsN/EiF6R
         QvgNMxJYb/SQpSBQ1LaQ6VTGIdKjrYIP/lpud3qYzRkTWPdOythEYLFGegN0FrC/jyPd
         zgs6wdmv+6yKSTGjW+cuQxMZYEs7EBQZBelSm43pfewrDJ+5Xolk+KWI7CvXDllt8WIu
         zzKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1682512392; x=1685104392;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=qg6IqlKWhlN7xYKjSyUiPBuiNW3M36VwkW+Ypq79f2s=;
        b=E9bmprJ0z4V82n79R5ptAWScrRkgaPJIQ6hMXPZWU/wlS1OgphNBSJwau0PihIgVM/
         VxrslwHdAytek58OftZHg2QPG3HVL+wyOl1SIZ8aGOT6y/U6KzurfyOMVxTz54W481br
         nKZOWuaSp6D2G/Vp3r5tqQFv4s1O1jHi6y6DuidGEdxH3xXeH05XrF9FRuf5LsB+tW/u
         Rte5heby7Pc/vUvVOB4MWL3uOReRP1XNkoDCIBY9Tcgh3yc0Rg/ri0VmRPB6uRjSm/pw
         Fp2vY+NoAoNForzMNr7v1CcE9HDAss8hCsUKEz3EaL6ZhEiFUETlEIhf1i2h2daikv46
         kQxA==
X-Gm-Message-State: AAQBX9f1c7Mwe+cWVCAqGd3FIPnuFpJtPbBajOvpd1SMKmcRr9rIv0ju
	8hrHmYAa8+JeyNcaAzcCqEJzNW+xNnbJOocW4C5A
X-Google-Smtp-Source: AKy350bClpi1hIg//B7WAsliAEhGuyeKdegOkuDab6PCYbHvlradi5fQwnEjQsncgiUHiTAoMcyZ4VONE2njQBGuAio=
X-Received: by 2002:a50:ed90:0:b0:502:9a5b:206e with SMTP id
 h16-20020a50ed90000000b005029a5b206emr15059245edr.9.1682512392256; Wed, 26
 Apr 2023 05:33:12 -0700 (PDT)
MIME-Version: 1.0
References: <7edb8c7baae2fc58034a62f50f5f4000fb5bd102.1682442501.git.benjamin.doron00@gmail.com>
In-Reply-To: <7edb8c7baae2fc58034a62f50f5f4000fb5bd102.1682442501.git.benjamin.doron00@gmail.com>
From: "Sean Rhodes" <sean@starlabs.systems>
Date: Wed, 26 Apr 2023 13:33:01 +0100
Message-ID: <CABtds-1NtKGMbEoZ3u40Fvi7kwW7s4oioDzYgUOZgKtS+MQW7A@mail.gmail.com>
Subject: Re: [edk2-devel][PATCH v1 1/2] UefiPayloadPkg: Define RngLibTimerLib for systems without RDRAND
To: Benjamin Doron <benjamin.doron00@gmail.com>
Cc: devel@edk2.groups.io, Guo Dong <guo.dong@intel.com>, Ray Ni <ray.ni@intel.com>, 
	James Lu <james.lu@intel.com>, Gua Guo <gua.guo@intel.com>
Content-Type: multipart/alternative; boundary="00000000000078937805fa3c71f5"

--00000000000078937805fa3c71f5
Content-Type: text/plain; charset="UTF-8"

Reviewed-by: Sean Rhodes <sean@starlabs.systems>

On Tue, 25 Apr 2023 at 18:09, Benjamin Doron <benjamin.doron00@gmail.com>
wrote:

> From: Benjamin Doron <benjamin.doron@9elements.com>
>
> Presently, `ArchIsRngSupported()` always returns TRUE, per
>
> https://github.com/tianocore/edk2/blob/1eeca0750af5af2f0e78437bf791ac2de74bde74/MdePkg/Library/BaseRngLib/Rand/RdRand.c#L124-L125
> .
> Therefore, `BaseRngLibConstructor()` should continue to assert RDRAND
> support.
>
> However, older platforms do not support RDRAND, such as QEMU in some
> configurations. Therefore, define an RngLib library class for such
> systems, using a new flag. Maintain current behaviour by default.
>
> Note that this is less secure behaviour, and should be avoided in
> production.
>
> Cc: Guo Dong <guo.dong@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Sean Rhodes <sean@starlabs.systems>
> Cc: James Lu <james.lu@intel.com>
> Cc: Gua Guo <gua.guo@intel.com>
> Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
> ---
>  UefiPayloadPkg/UefiPayloadPkg.dsc | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc
> b/UefiPayloadPkg/UefiPayloadPkg.dsc
> index 9847f189fff5..1e803ba01567 100644
> --- a/UefiPayloadPkg/UefiPayloadPkg.dsc
> +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc
> @@ -130,6 +130,7 @@
>    # This is how BaseCpuTimerLib works, and a recommended way to get
> Frequence, so set the default value as TRUE.
>    # Note: for emulation platform such as QEMU, this may not work and
> should set it as FALSE
>    DEFINE CPU_TIMER_LIB_ENABLE  = TRUE
> +  DEFINE CPU_RNG_ENABLE        = TRUE
>
>    DEFINE MULTIPLE_DEBUG_PORT_SUPPORT = FALSE
>
> @@ -204,7 +205,11 @@
>  !endif
>    IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf
>    OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf
> +!if $(CPU_RNG_ENABLE) == TRUE
>    RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
> +!else
> +  RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> +!endif
>    HobLib|UefiPayloadPkg/Library/DxeHobLib/DxeHobLib.inf
>
>    #
> --
> 2.39.2
>
>

--00000000000078937805fa3c71f5
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:trebuche=
t ms,sans-serif">Reviewed-by: Sean Rhodes &lt;sean@starlabs.systems&gt;</di=
v></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr=
">On Tue, 25 Apr 2023 at 18:09, Benjamin Doron &lt;<a href=3D"mailto:benjam=
in.doron00@gmail.com">benjamin.doron00@gmail.com</a>&gt; wrote:<br></div><b=
lockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-le=
ft:1px solid rgb(204,204,204);padding-left:1ex">From: Benjamin Doron &lt;<a=
 href=3D"mailto:benjamin.doron@9elements.com" target=3D"_blank">benjamin.do=
ron@9elements.com</a>&gt;<br>
<br>
Presently, `ArchIsRngSupported()` always returns TRUE, per<br>
<a href=3D"https://github.com/tianocore/edk2/blob/1eeca0750af5af2f0e78437bf=
791ac2de74bde74/MdePkg/Library/BaseRngLib/Rand/RdRand.c#L124-L125" rel=3D"n=
oreferrer" target=3D"_blank">https://github.com/tianocore/edk2/blob/1eeca07=
50af5af2f0e78437bf791ac2de74bde74/MdePkg/Library/BaseRngLib/Rand/RdRand.c#L=
124-L125</a>.<br>
Therefore, `BaseRngLibConstructor()` should continue to assert RDRAND<br>
support.<br>
<br>
However, older platforms do not support RDRAND, such as QEMU in some<br>
configurations. Therefore, define an RngLib library class for such<br>
systems, using a new flag. Maintain current behaviour by default.<br>
<br>
Note that this is less secure behaviour, and should be avoided in<br>
production.<br>
<br>
Cc: Guo Dong &lt;<a href=3D"mailto:guo.dong@intel.com" target=3D"_blank">gu=
o.dong@intel.com</a>&gt;<br>
Cc: Ray Ni &lt;<a href=3D"mailto:ray.ni@intel.com" target=3D"_blank">ray.ni=
@intel.com</a>&gt;<br>
Cc: Sean Rhodes &lt;sean@starlabs.systems&gt;<br>
Cc: James Lu &lt;<a href=3D"mailto:james.lu@intel.com" target=3D"_blank">ja=
mes.lu@intel.com</a>&gt;<br>
Cc: Gua Guo &lt;<a href=3D"mailto:gua.guo@intel.com" target=3D"_blank">gua.=
guo@intel.com</a>&gt;<br>
Signed-off-by: Benjamin Doron &lt;<a href=3D"mailto:benjamin.doron@9element=
s.com" target=3D"_blank">benjamin.doron@9elements.com</a>&gt;<br>
---<br>
=C2=A0UefiPayloadPkg/UefiPayloadPkg.dsc | 5 +++++<br>
=C2=A01 file changed, 5 insertions(+)<br>
<br>
diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayload=
Pkg.dsc<br>
index 9847f189fff5..1e803ba01567 100644<br>
--- a/UefiPayloadPkg/UefiPayloadPkg.dsc<br>
+++ b/UefiPayloadPkg/UefiPayloadPkg.dsc<br>
@@ -130,6 +130,7 @@<br>
=C2=A0 =C2=A0# This is how BaseCpuTimerLib works, and a recommended way to =
get Frequence, so set the default value as TRUE.<br>
=C2=A0 =C2=A0# Note: for emulation platform such as QEMU, this may not work=
 and should set it as FALSE<br>
=C2=A0 =C2=A0DEFINE CPU_TIMER_LIB_ENABLE=C2=A0 =3D TRUE<br>
+=C2=A0 DEFINE CPU_RNG_ENABLE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =3D TRUE<br>
<br>
=C2=A0 =C2=A0DEFINE MULTIPLE_DEBUG_PORT_SUPPORT =3D FALSE<br>
<br>
@@ -204,7 +205,11 @@<br>
=C2=A0!endif<br>
=C2=A0 =C2=A0IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf<b=
r>
=C2=A0 =C2=A0OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf<br>
+!if $(CPU_RNG_ENABLE) =3D=3D TRUE<br>
=C2=A0 =C2=A0RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf<br>
+!else<br>
+=C2=A0 RngLib|MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf<br>
+!endif<br>
=C2=A0 =C2=A0HobLib|UefiPayloadPkg/Library/DxeHobLib/DxeHobLib.inf<br>
<br>
=C2=A0 =C2=A0#<br>
-- <br>
2.39.2<br>
<br>
</blockquote></div>

--00000000000078937805fa3c71f5--