From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web11.16662.1669116918900349683
 for <devel@edk2.groups.io>;
 Tue, 22 Nov 2022 03:35:18 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20210112 header.b=fjx4EWyI;
 spf=pass (domain: gmail.com, ip: 209.85.214.179, mailfrom: pedro.falcato@gmail.com)
Received: by mail-pl1-f179.google.com with SMTP id jn7so11496800plb.13
        for <devel@edk2.groups.io>; Tue, 22 Nov 2022 03:35:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=RkMhO7hlDZEo6B+6L74FBIJ+d2Y8yW6NCTot7dIhEbY=;
        b=fjx4EWyIY9qyy5tTEWqVUbookbaj9GOORecShSvbRo2UnQ9YR4ccMKjkV9MiLk74a1
         vqU00+SWduygkvLWTjwmfxNogx3s5qq7M/vG8z4PdlIc+iSI5BQtcpPNR1lQPlYCelzN
         e1mUfYsl9sz069OHZqMm6TNI3eQItjc2rQ8XMJeVKu0qa7g/K0gTRKTdwVQghczZn6Kt
         wVFtFcDGgmemzI1mu9ExWTQWWDDkAjIPaxsjvwmA1xfZoR9NqcVBziVB7qI1NfrXD5wH
         yA24i8ZHVovY7WdyY6AE0hn+TPaKX3oP224T5sfhNFMhbP23ejOWlRa60Kd/XhOu/Exp
         fuuA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=RkMhO7hlDZEo6B+6L74FBIJ+d2Y8yW6NCTot7dIhEbY=;
        b=BNgBaMbfvkWcOapCXSYCjdYiLq3Rn7j8JL58QKzsYx8WmsoqQIhILFQD+lwG5Ir3np
         LLkJ36fkAN6dqSm6bMhof9WUo0ewXLzICLDnXzqFjXb+MDy2vq/BshR6Y/2dIQQpwQLE
         Nd4qMUjpx8AJy0u6ieG7dG72P3Yxz2hhqnyZOrcTeisGMuHtUVExztxvY8Q8I9txkL7m
         I6XQCxFNR5QjZzDASJ7I6uofT6v/RcVpEx4HsEDFJKjp9lbx9tS6J/dShs5b95LsQsQz
         Mhm71XCMpoMNaw15JFNy8fW9ow1Z13IDdAp0JjXjA4s8qluS/yYtApQzeFqq7ctKpcD7
         pVzQ==
X-Gm-Message-State: ANoB5pk5+S3p82licwEkWs9ZF4eXVY1+I0slZCj5Hd9CTzQUt5Ir1HJd
	Wg6R1EdalyKQYNsCDvE32Ug5hZL3cyVrL8qpv+3zzSvBQR5Kkg==
X-Google-Smtp-Source: AA0mqf6wLHu0HQ7j98uPHGriijOB16PA/PxDHH7BBBfk913mkFNrq6aKrUX6j0j7aVD6S8yJxK94X4YWftIrFciZHks=
X-Received: by 2002:a17:90a:ea05:b0:20a:a1a8:3719 with SMTP id
 w5-20020a17090aea0500b0020aa1a83719mr25302436pjy.225.1669116917770; Tue, 22
 Nov 2022 03:35:17 -0800 (PST)
MIME-Version: 1.0
References: <20221110134738.3798618-1-ardb@kernel.org> <20221110134738.3798618-4-ardb@kernel.org>
In-Reply-To: <20221110134738.3798618-4-ardb@kernel.org>
From: "Pedro Falcato" <pedro.falcato@gmail.com>
Date: Tue, 22 Nov 2022 11:35:06 +0000
Message-ID: <CAKbZUD30=NA-7uD-qQvLC0r4cYrDJStsB47q_MyLf75kh67cKw@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH 3/3] OvmfPkg/OvmfX86: Enable RDRAND based EFI_RNG_PROTOCOL implementation
To: devel@edk2.groups.io, ardb@kernel.org
Cc: Liming Gao <gaoliming@byosoft.com.cn>, Rebecca Cran <rebecca@bsdio.com>, 
	Pierre Gondois <pierre.gondois@arm.com>, Leif Lindholm <quic_llindhol@quicinc.com>, 
	Sami Mujawar <sami.mujawar@arm.com>, Gerd Hoffmann <kraxel@redhat.com>, 
	"Jason A . Donenfeld" <Jason@zx2c4.com>
Content-Type: multipart/alternative; boundary="000000000000f8efc605ee0d9087"

--000000000000f8efc605ee0d9087
Content-Type: text/plain; charset="UTF-8"

Hi Ard,

Given this patch plus the corresponding linux-efi patches wrt RNG, I'm
mildly concerned about buggy RDRAND implementations compromising the
kernel's RNG. Is this not a concern?

It's also worth noting that MdePkg/Library/BaseRngLib skips the CPUID bit
check in ArchIsRngSupported for $REASON, which I assume will crash
pre-RDRAND VMs.
We should probably also test for stupidly broken rdrand implementations
like the notorious Zen 3 which always return 0xFFFFFFFF (per xkcd 221 ;)).

Thanks,
Pedro

On Thu, Nov 10, 2022 at 1:48 PM Ard Biesheuvel <ardb@kernel.org> wrote:

> Expose the EFI_RNG_PROTOCOL based on RdRand, so that we don't have to
> rely on QEMU providing a virtio-rng device in order to implement this
> protocol.
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  OvmfPkg/OvmfPkgIa32.dsc    | 1 +
>  OvmfPkg/OvmfPkgIa32.fdf    | 1 +
>  OvmfPkg/OvmfPkgIa32X64.dsc | 1 +
>  OvmfPkg/OvmfPkgIa32X64.fdf | 1 +
>  OvmfPkg/OvmfPkgX64.dsc     | 1 +
>  OvmfPkg/OvmfPkgX64.fdf     | 1 +
>  6 files changed, 6 insertions(+)
>
> diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc
> index e9ba491237ae..18c1e7255812 100644
> --- a/OvmfPkg/OvmfPkgIa32.dsc
> +++ b/OvmfPkg/OvmfPkgIa32.dsc
> @@ -941,6 +941,7 @@ [Components]
>    }
>  !endif
>
> +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>    OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
> diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf
> index 7023ade8cebe..34f27ca832bc 100644
> --- a/OvmfPkg/OvmfPkgIa32.fdf
> +++ b/OvmfPkg/OvmfPkgIa32.fdf
> @@ -248,6 +248,7 @@ [FV.DXEFV]
>  INF  OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
>  !endif
>
> +  INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>    INF
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>  !endif
> diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc
> index af566b953f36..e9a199c9f490 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.dsc
> +++ b/OvmfPkg/OvmfPkgIa32X64.dsc
> @@ -955,6 +955,7 @@ [Components.X64]
>    }
>  !endif
>
> +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>    OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
> diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf
> index 80de4fa2c0df..33cc163e596e 100644
> --- a/OvmfPkg/OvmfPkgIa32X64.fdf
> +++ b/OvmfPkg/OvmfPkgIa32X64.fdf
> @@ -249,6 +249,7 @@ [FV.DXEFV]
>  INF  OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
>  !endif
>
> +  INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>    INF
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>  !endif
> diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
> index f39d9cd117e6..5572cb82998f 100644
> --- a/OvmfPkg/OvmfPkgX64.dsc
> +++ b/OvmfPkg/OvmfPkgX64.dsc
> @@ -1023,6 +1023,7 @@ [Components]
>    }
>  !endif
>
> +  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>
>  SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>    OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf
> diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
> index c0f5a1ef3c30..d42deebe3f8f 100644
> --- a/OvmfPkg/OvmfPkgX64.fdf
> +++ b/OvmfPkg/OvmfPkgX64.fdf
> @@ -274,6 +274,7 @@ [FV.DXEFV]
>  INF  OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf
>  !endif
>
> +INF  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf
>  !if $(SECURE_BOOT_ENABLE) == TRUE
>    INF
> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigDxe.inf
>  !endif
> --
> 2.35.1
>
>
>
> ------------
> Groups.io Links: You receive all messages sent to this group.
> View/Reply Online (#96191): https://edk2.groups.io/g/devel/message/96191
> Mute This Topic: https://groups.io/mt/94935843/5946980
> Group Owner: devel+owner@edk2.groups.io
> Unsubscribe: https://edk2.groups.io/g/devel/unsub [pedro.falcato@gmail.com
> ]
> ------------
>
>
>

-- 
Pedro Falcato

--000000000000f8efc605ee0d9087
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hi Ard,</div><div><br></div><div>Given this patch plu=
s the corresponding linux-efi patches wrt RNG, I&#39;m mildly concerned abo=
ut buggy RDRAND implementations compromising the kernel&#39;s RNG. Is this =
not a concern?</div><div><br></div><div>It&#39;s also worth noting that Mde=
Pkg/Library/BaseRngLib skips the CPUID bit check in ArchIsRngSupported for =
$REASON, which I assume will crash pre-RDRAND VMs.</div><div>We should prob=
ably also test for stupidly broken rdrand implementations like the notoriou=
s Zen 3 which always return 0xFFFFFFFF (per xkcd 221 ;)).</div><div><br></d=
iv><div>Thanks,</div><div>Pedro<br></div></div><br><div class=3D"gmail_quot=
e"><div dir=3D"ltr" class=3D"gmail_attr">On Thu, Nov 10, 2022 at 1:48 PM Ar=
d Biesheuvel &lt;<a href=3D"mailto:ardb@kernel.org">ardb@kernel.org</a>&gt;=
 wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px =
0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Expose t=
he EFI_RNG_PROTOCOL based on RdRand, so that we don&#39;t have to<br>
rely on QEMU providing a virtio-rng device in order to implement this<br>
protocol.<br>
<br>
Signed-off-by: Ard Biesheuvel &lt;<a href=3D"mailto:ardb@kernel.org" target=
=3D"_blank">ardb@kernel.org</a>&gt;<br>
---<br>
=C2=A0OvmfPkg/OvmfPkgIa32.dsc=C2=A0 =C2=A0 | 1 +<br>
=C2=A0OvmfPkg/OvmfPkgIa32.fdf=C2=A0 =C2=A0 | 1 +<br>
=C2=A0OvmfPkg/OvmfPkgIa32X64.dsc | 1 +<br>
=C2=A0OvmfPkg/OvmfPkgIa32X64.fdf | 1 +<br>
=C2=A0OvmfPkg/OvmfPkgX64.dsc=C2=A0 =C2=A0 =C2=A0| 1 +<br>
=C2=A0OvmfPkg/OvmfPkgX64.fdf=C2=A0 =C2=A0 =C2=A0| 1 +<br>
=C2=A06 files changed, 6 insertions(+)<br>
<br>
diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc<br>
index e9ba491237ae..18c1e7255812 100644<br>
--- a/OvmfPkg/OvmfPkgIa32.dsc<br>
+++ b/OvmfPkg/OvmfPkgIa32.dsc<br>
@@ -941,6 +941,7 @@ [Components]<br>
=C2=A0 =C2=A0}<br>
=C2=A0!endif<br>
<br>
+=C2=A0 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf<br>
=C2=A0!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<br>
=C2=A0 =C2=A0SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo=
otConfigDxe.inf<br>
=C2=A0 =C2=A0OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf<br>
diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf<br>
index 7023ade8cebe..34f27ca832bc 100644<br>
--- a/OvmfPkg/OvmfPkgIa32.fdf<br>
+++ b/OvmfPkg/OvmfPkgIa32.fdf<br>
@@ -248,6 +248,7 @@ [FV.DXEFV]<br>
=C2=A0INF=C2=A0 OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf<br>
=C2=A0!endif<br>
<br>
+=C2=A0 INF=C2=A0 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf<br>
=C2=A0!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<br>
=C2=A0 =C2=A0INF=C2=A0 SecurityPkg/VariableAuthenticated/SecureBootConfigDx=
e/SecureBootConfigDxe.inf<br>
=C2=A0!endif<br>
diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc<br>
index af566b953f36..e9a199c9f490 100644<br>
--- a/OvmfPkg/OvmfPkgIa32X64.dsc<br>
+++ b/OvmfPkg/OvmfPkgIa32X64.dsc<br>
@@ -955,6 +955,7 @@ [Components.X64]<br>
=C2=A0 =C2=A0}<br>
=C2=A0!endif<br>
<br>
+=C2=A0 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf<br>
=C2=A0!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<br>
=C2=A0 =C2=A0SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo=
otConfigDxe.inf<br>
=C2=A0 =C2=A0OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf<br>
diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf<br>
index 80de4fa2c0df..33cc163e596e 100644<br>
--- a/OvmfPkg/OvmfPkgIa32X64.fdf<br>
+++ b/OvmfPkg/OvmfPkgIa32X64.fdf<br>
@@ -249,6 +249,7 @@ [FV.DXEFV]<br>
=C2=A0INF=C2=A0 OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf<br>
=C2=A0!endif<br>
<br>
+=C2=A0 INF=C2=A0 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf<br>
=C2=A0!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<br>
=C2=A0 =C2=A0INF=C2=A0 SecurityPkg/VariableAuthenticated/SecureBootConfigDx=
e/SecureBootConfigDxe.inf<br>
=C2=A0!endif<br>
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc<br>
index f39d9cd117e6..5572cb82998f 100644<br>
--- a/OvmfPkg/OvmfPkgX64.dsc<br>
+++ b/OvmfPkg/OvmfPkgX64.dsc<br>
@@ -1023,6 +1023,7 @@ [Components]<br>
=C2=A0 =C2=A0}<br>
=C2=A0!endif<br>
<br>
+=C2=A0 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf<br>
=C2=A0!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<br>
=C2=A0 =C2=A0SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBo=
otConfigDxe.inf<br>
=C2=A0 =C2=A0OvmfPkg/EnrollDefaultKeys/EnrollDefaultKeys.inf<br>
diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf<br>
index c0f5a1ef3c30..d42deebe3f8f 100644<br>
--- a/OvmfPkg/OvmfPkgX64.fdf<br>
+++ b/OvmfPkg/OvmfPkgX64.fdf<br>
@@ -274,6 +274,7 @@ [FV.DXEFV]<br>
=C2=A0INF=C2=A0 OvmfPkg/LsiScsiDxe/LsiScsiDxe.inf<br>
=C2=A0!endif<br>
<br>
+INF=C2=A0 SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf<br>
=C2=A0!if $(SECURE_BOOT_ENABLE) =3D=3D TRUE<br>
=C2=A0 =C2=A0INF=C2=A0 SecurityPkg/VariableAuthenticated/SecureBootConfigDx=
e/SecureBootConfigDxe.inf<br>
=C2=A0!endif<br>
-- <br>
2.35.1<br>
<br>
<br>
<br>
------------<br>
Groups.io Links: You receive all messages sent to this group.<br>
View/Reply Online (#96191): <a href=3D"https://edk2.groups.io/g/devel/messa=
ge/96191" rel=3D"noreferrer" target=3D"_blank">https://edk2.groups.io/g/dev=
el/message/96191</a><br>
Mute This Topic: <a href=3D"https://groups.io/mt/94935843/5946980" rel=3D"n=
oreferrer" target=3D"_blank">https://groups.io/mt/94935843/5946980</a><br>
Group Owner: <a href=3D"mailto:devel%2Bowner@edk2.groups.io" target=3D"_bla=
nk">devel+owner@edk2.groups.io</a><br>
Unsubscribe: <a href=3D"https://edk2.groups.io/g/devel/unsub" rel=3D"norefe=
rrer" target=3D"_blank">https://edk2.groups.io/g/devel/unsub</a> [<a href=
=3D"mailto:pedro.falcato@gmail.com" target=3D"_blank">pedro.falcato@gmail.c=
om</a>]<br>
------------<br>
<br>
<br>
</blockquote></div><br clear=3D"all"><br>-- <br><div dir=3D"ltr" class=3D"g=
mail_signature"><div dir=3D"ltr">Pedro Falcato</div></div>

--000000000000f8efc605ee0d9087--