References: <20191114021743.3876-1-jian.j.wang@intel.com> <20191114021743.3876-10-jian.j.wang@intel.com>
From: "Ard Biesheuvel"
Date: Thu, 14 Nov 2019 08:14:25 +0000
Subject: Re: [edk2-devel] [PATCH 09/11] ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances in dsc files
To: edk2-devel-groups-io, Jian J Wang
Cc: Leif Lindholm, Laszlo Ersek

On Thu, 14 Nov 2019 at 08:03, Wang, Jian J wrote:
>
> Ard,
>
> > -----Original Message-----
> > From: Ard Biesheuvel
> > Sent: Thursday, November 14, 2019 3:41 PM
> > To: edk2-devel-groups-io; Wang, Jian J
> > Cc: Leif Lindholm; Laszlo Ersek
> > Subject: Re: [edk2-devel] [PATCH 09/11] ArmVirtPkg/ArmVirt.dsc.inc: specify
> > RngLib instances in dsc files
> >
> > On Thu, 14 Nov 2019 at 02:18, Wang, Jian J wrote:
> > >
> > > Per BZ1871, OpensslLib will depend on RngLib instead of TimerLib. Update
> > > ArmVirt.dsc.inc file to accommodate the coming changes. It's supposed
> > > that only TlsDxe needs random number. The RngDxeLib is added for it. For
> > > all other drivers, RngLibNull is used by default.
> > >
> > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
> > > Cc: Leif Lindholm
> > > Cc: Laszlo Ersek
> > > Cc: Ard Biesheuvel
> > > Signed-off-by: Jian J Wang
> >
> > Does this mean we lose the ability to do HTTPS boot if we lack an
> > implementation of EFI_RNG_PROTOCOL?
>
> The ArmVirtQemuXxx.dsc have EFI_RNG_PROTOCOL implemented. The
> only one having problem is ArmVirtXen.dsc.
>

No, it applies to all of them. The fact that a driver is available
does not mean the virtual hardware is being provided.

> What's your suggestion? Implementing one (RngLib or EFI_RNG_PROTOCOL)
> for ARM particularly (you guys need to do it) or add a general RngLib (like
> cpu jitter) this time (I can do that)?
>

How does this work today? How does TLS obtain the entropy to generate
the symmetric key for encryption?

> >
> > > --- > > > ArmVirtPkg/ArmVirt.dsc.inc | 2 ++ > > > 1 file changed, 2 insertions(+) > > > > > > diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc > > > index 10037c938e..10e0890699 100644 > > > --- a/ArmVirtPkg/ArmVirt.dsc.inc > > > +++ b/ArmVirtPkg/ArmVirt.dsc.inc > > > @@ -156,8 +156,10 @@ > > > IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf > > > !if $(NETWORK_TLS_ENABLE) == TRUE > > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf > > > + > > RngLib|SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRng > > LibRngProtocol.inf > > > !else > > > OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLibCrypto.inf > > > + RngLib|MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf > > > !endif > > > BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf > > > > > > -- > > > 2.17.1.windows.2 > > > > > > > > > > > > > > >
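
Review bot: In the `!if $(NETWORK_TLS_ENABLE) == TRUE` branch, `RngLib` is bound to `DxeRngLibRngProtocol.inf` with no fallback, so (going by the instance name and the question raised in this thread) OpensslLib's entropy for TLS depends entirely on an EFI_RNG_PROTOCOL producer being present at run time, and nothing in the hunk adds a producer or checks that one exists. Please say in the commit message what OpensslLib does when the protocol cannot be located, and make that path fail the TLS handshake rather than proceed with weak or absent randomness. The `!else` branch maps `RngLib` to `BaseRngLibNull.inf` whenever TLS is disabled, which rests on the commit message's assumption that only TlsDxe needs random numbers; a comment next to the mapping stating that assumption would help whoever later adds another BaseCryptLib consumer. The commit message also calls the instance "RngDxeLib" while the hunk adds `DxeRngLibRngProtocol`; use one name.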