From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-io1-f48.google.com (mail-io1-f48.google.com [209.85.166.48]) by mx.groups.io with SMTP id smtpd.web10.114574.1597940300061567314 for ; Thu, 20 Aug 2020 09:18:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20161025 header.b=WUZfVj7A; spf=pass (domain: gmail.com, ip: 209.85.166.48, mailfrom: matthewfcarlson@gmail.com) Received: by mail-io1-f48.google.com with SMTP id q75so2797726iod.1 for ; Thu, 20 Aug 2020 09:18:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gP/ImGvi7ymofG9UEce1TVC2Vs8eCTpWlTF+GmPgurc=; b=WUZfVj7AO8XsB+QPjxodK0oMIifa0GNPkfwI1vBk+o18jV/P8dLvbuMtaGnz8qCZ3R V4HrSq6ECCPBOFJFPa/mnnHVtjCBbUAI/IF0ch7UFKJj8HFCzPN5qvmbv0iF7k4cpYuH YXHnwm5+gnGcpTvpdJOtbzAzmdzn3NiyuiN8HVPCHVH2QLcoyyf04AiW1CiCv1O5xGpR wKobzhCytfIRuU9IFrmYZWeIF+FGERNlRC75aa9NGLshSiMPgTX25Y2DIsaKmfUHs5vZ a5YyNce7gZVbiycSFyzXIr8hMKoajLk2VsbADBk/i77oIFk+CiHz5mmey2XGJayLWA/M S67Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gP/ImGvi7ymofG9UEce1TVC2Vs8eCTpWlTF+GmPgurc=; b=cSqubw5U1KEqPYPiofChG0SKit8UDYpBdxtX4R+8WCfZvTVOJDcdmYEXrBxlzMyW00 o1tvlnscUTSw1BQh+U56/lfwld0EivqLE51xmO47WAEe6PcqUNuCyWhvA79TrzfYOEWT 3aqm8NNzkDQTSSPSN/Lr90c3PRTso6UyGEuOwgbtD/LdeYw92icj6/mA12ErdwzMU4xm YZkCr5weBRnnZY9eEnGad8T7PMf9p68vAa4LF5NCxIZRYa7zuVY38PSkMbMRdAURo825 +ULWH2a4M4RDRult6/2GWx3002Im4cNU7qR0qhrOUz/KAJeQ6h9eIDv3SgK+FRvqM4fw 0LLQ== X-Gm-Message-State: AOAM531aVvbgZ66N+F+q9QceYCfuH5YH8wnkS4nxMUfRi3Rlsp9SmKP6 q/ZdCleL+n/6G3KsiDLecPXty2xqzfbgwLV/DJY= X-Google-Smtp-Source: ABdhPJzJFbGGp5WnXITjpqR/vVhtB1u2g09moi7NjAglF1grFCUvcGkX4q4nyAh64k8C5mJyX8b3K8aumf3g8c3B6Bk= X-Received: by 2002:a6b:7846:: with SMTP id h6mr3171538iop.145.1597940299281; Thu, 20 Aug 2020 09:18:19 -0700 (PDT) MIME-Version: 1.0 References: <20200819193712.1629-1-matthewfcarlson@gmail.com> <20200819193712.1629-2-matthewfcarlson@gmail.com> In-Reply-To: From: "Matthew Carlson" Date: Thu, 20 Aug 2020 09:18:09 -0700 Message-ID: Subject: Re: [PATCH v8 1/5] MdePkg: TimerRngLib: Added RngLib that uses TimerLib To: "Kinney, Michael D" Cc: "devel@edk2.groups.io" , Ard Biesheuvel , "Gao, Liming" , "Liu, Zhiguang" Content-Type: multipart/alternative; boundary="000000000000e9396305ad5177e0" --000000000000e9396305ad5177e0 Content-Type: text/plain; charset="UTF-8" Thank you Mike and Ard, I'll definitely run ECC and resolve the code nits as well as the other suggestions. So the previous RNG code in OpenSSL just had a 10-microsecond delay in between every 2 bytes. We could go back to that and match the behavior of before but as Mike pointed out, this approach suffers on systems with slow timer libs. I know this particular Rng library isn't meant to be a good source of randomness and it is meant to offer a solution to those who don't want to make the switch over to a good RngLib specifically for OpenSSL. That said, I don't see any reason why we can't make this a better source of random. I don't think it would be quite N, 2N, 3N, ... because of the variability in the delay mechanism but I do agree that it would be quite close to that. I'll throw out some options: 1. Implement a seeding mechanism that we mix in values with what we've previously generated. So that it's no longer N, 2N, 3N but rather some sort of hashing of the two numbers or other PRNG type system. 2. Use only 8 bits from the performance counter rather than 16. The idea here is that it would roll over more frequently and you'd be more subject to randomness. The downside is that this would take twice as long, which means to generate 64 bits of random data, it would take at least 12 performance timer ticks, which on systems where their performance counters run in KHz rather than MHz or GHz, means you could be looking at a delay of milliseconds rather than microseconds. I'd argue in that case that the platform should use a real RngLib rather than use this one if their timer is so slow, but that's beside the point. 3. Have some way of specifying the delay that is less deterministic? There are a few ways I can think of doing this but none are very good.I'm open to suggestions. -Matthew Carlson On Thu, Aug 20, 2020 at 8:21 AM Kinney, Michael D < michael.d.kinney@intel.com> wrote: > Hi Matt, > > Some comments inline below. > > I also see come comments from Ard on this series about code style. > I did not provide feedback on the code style issues here (except for > a function header comment block style). > > There is a tool called ECC (EFI Code Checker) that is now enabled in > EDK II CI. Please run this checker locally and resolve all issues in > your patch series. > > Thanks, > > Mike > > > > -----Original Message----- > > From: matthewfcarlson@gmail.com > > Sent: Wednesday, August 19, 2020 12:37 PM > > To: devel@edk2.groups.io > > Cc: Ard Biesheuvel ; Kinney, Michael D < > michael.d.kinney@intel.com>; Gao, Liming ; > > Liu, Zhiguang ; Matthew Carlson < > matthewfcarlson@gmail.com> > > Subject: [PATCH v8 1/5] MdePkg: TimerRngLib: Added RngLib that uses > TimerLib > > > > From: Matthew Carlson > > > > Added a new RngLib that provides random numbers from the TimerLib > > using the performance counter. This is meant to be used for OpenSSL > > to replicate past behavior. This should not be used in production as > > a real source of entropy. > > > > Ref: https://github.com/tianocore/edk2/pull/845 > > Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=1871 > > > > Cc: Ard Biesheuvel > > Cc: Michael D Kinney > > Cc: Liming Gao > > Cc: Zhiguang Liu > > Signed-off-by: Matthew Carlson > > --- > > MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c | 191 > ++++++++++++++++++++ > > MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf | 36 ++++ > > MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni | 15 ++ > > MdePkg/MdePkg.dsc | 3 +- > > 4 files changed, 244 insertions(+), 1 deletion(-) > > > > diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c > b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c > > new file mode 100644 > > index 000000000000..c72aa335823d > > --- /dev/null > > +++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c > > @@ -0,0 +1,191 @@ > > +/** @file > > > > + BaseRng Library that uses the TimerLib to provide reasonably random > numbers. > > > > + Do not use this on a production system. > > > > + > > > > + Copyright (c) Microsoft Corporation. > > > > + SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +**/ > > > > + > > > > +#include > > > > +#include > > > > +#include > > > > +#include > > > > + > > > > +/** > > > > + * Using the TimerLib GetPerformanceCounterProperties() we delay > > > > + * for enough time for the PerformanceCounter to increment. > > > > + * Depending on your system > > > Please update the comments to describe that this function returns > delay in microseconds. It does not actually do the delay. > > > > > + * > > > > + * If the return value from GetPerformanceCounterProperties (TimerLib) > > > > + * is zero, this function will not delay and attempt to assert. > > > > + */ > > Comment block style does not match EDK II style. Remove extra '*'. > > > > > > +STATIC > > > > +UINT32 > > > > +CalculateMinimumDecentDelayInMicroseconds ( > > > > + VOID > > > > + ) > > > > +{ > > > > + UINT64 StartValue; > > Remove > > > > > + UINT64 EndValue; > > Remove > > > > > + UINT64 CounterHz; > > > > + UINT64 MinumumDelayInMicroSeconds; > > > > + > > > > + // Get the counter properties > > > > + CounterHz = GetPerformanceCounterProperties (&StartValue, &EndValue); > > > Change to: > > CounterHz = GetPerformanceCounterProperties (NULL, NULL); > > > > > + // Make sure we won't divide by zero > > > > + if (CounterHz == 0) { > > > > + ASSERT(CounterHz != 0); // Assert so the developer knows something > is wrong > > > > + return; > > > > + } > > > > + // Calculate the minimum delay based on 1.5 microseconds divided by > the hertz. > > > > + // We calculate the length of a cycle (1/CounterHz) and multiply it > by 1.5 microseconds > > > > + // This ensures that the performance counter has increased by at > least one > > > > + return (UINT32)(MAX(DivU64x64Remainder(1500000 / CounterHz, NULL), > 1)); > > > > +} > > > > + > > > > + > > > > +/** > > > > + Generates a 16-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store the 16-bit random value. > > > > + > > > > + @retval TRUE Random number generated successfully. > > > > + @retval FALSE Failed to generate the random number. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber16 ( > > > > + OUT UINT16 *Rand > > > > + ) > > > > +{ > > > > + UINT32 Index; > > > > + UINT8 *RandPtr; > > > > + UINT32 DelayInMicroSeconds; > > > > + > > > > + ASSERT (Rand != NULL); > > > > + > > > > + if (Rand == NULL) { > > > > + return FALSE; > > > > + } > > > > + DelayInMicroSeconds = CalculateMinimumDecentDelayInMicroseconds (); > > > > + RandPtr = (UINT8*)Rand; > > > > + // Get 2 bytes of random ish data > > > > + for (Index = 0; Index < 2; Index ++) { > > > > + *RandPtr = (UINT8)(GetPerformanceCounter () & 0xFF); > > > > + // Delay to give the performance counter a chance to change > > > > + MicroSecondDelay (DelayInMicroSeconds); > > > > + RandPtr++; > > > > + } > > > > + return TRUE; > > > > +} > > > > + > > > > +/** > > > > + Generates a 32-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store the 32-bit random value. > > > > + > > > > + @retval TRUE Random number generated successfully. > > > > + @retval FALSE Failed to generate the random number. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber32 ( > > > > + OUT UINT32 *Rand > > > > + ) > > > > +{ > > > > + UINT32 Index; > > > > + UINT8 *RandPtr; > > > > + UINT32 DelayInMicroSeconds; > > > > + > > > > + ASSERT (Rand != NULL); > > > > + > > > > + if (NULL == Rand) { > > > > + return FALSE; > > > > + } > > > > + > > > > + RandPtr = (UINT8 *) Rand; > > > > + DelayInMicroSeconds = CalculateMinimumDecentDelayInMicroseconds (); > > > > + // Get 4 bytes of random ish data > > > > + for (Index = 0; Index < 4; Index ++) { > > > > + *RandPtr = (UINT8) (GetPerformanceCounter () & 0xFF); > > > > + // Delay to give the performance counter a chance to change > > > > + MicroSecondDelay (DelayInMicroSeconds); > > > > + RandPtr++; > > > > + } > > > > + return TRUE; > > > > +} > > > > + > > > > +/** > > > > + Generates a 64-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store the 64-bit random value. > > > > + > > > > + @retval TRUE Random number generated successfully. > > > > + @retval FALSE Failed to generate the random number. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber64 ( > > > > + OUT UINT64 *Rand > > > > + ) > > > > +{ > > > > + UINT32 Index; > > > > + UINT8 *RandPtr; > > > > + UINT32 DelayInMicroSeconds; > > > > + > > > > + ASSERT (Rand != NULL); > > > > + > > > > + if (NULL == Rand) { > > > > + return FALSE; > > > > + } > > > > + > > > > + RandPtr = (UINT8 *) Rand; > > > > + DelayInMicroSeconds = CalculateMinimumDecentDelayInMicroseconds (); > > > > + // Get 8 bytes of random ish data > > > > + for (Index = 0; Index < 8; Index ++) { > > > > + *RandPtr = (UINT8)(GetPerformanceCounter () & 0xFF); > > > > + // Delay to give the performance counter a chance to change > > > > + MicroSecondDelay (DelayInMicroSeconds); > > > > + RandPtr++; > > > > + } > > > > + > > > > + return TRUE; > > > > +} > > > > + > > > > +/** > > > > + Generates a 128-bit random number. > > > > + > > > > + if Rand is NULL, then ASSERT(). > > > > + > > > > + @param[out] Rand Buffer pointer to store the 128-bit random value. > > > > + > > > > + @retval TRUE Random number generated successfully. > > > > + @retval FALSE Failed to generate the random number. > > > > + > > > > +**/ > > > > +BOOLEAN > > > > +EFIAPI > > > > +GetRandomNumber128 ( > > > > + OUT UINT64 *Rand > > > > + ) > > > > +{ > > > > + ASSERT (Rand != NULL); > > > > + // This should take around 80ms > > > Update comment to remove mention of specific delay and match > similar comments in functions above. > > > > > + > > > > + // Read first 64 bits > > > > + if (!GetRandomNumber64 (Rand)) { > > > > + return FALSE; > > > > + } > > > > + > > > > + // Read second 64 bits > > > > + return GetRandomNumber64 (++Rand); > > > > +} > > > > diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > > new file mode 100644 > > index 000000000000..c499e5327351 > > --- /dev/null > > +++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > > @@ -0,0 +1,36 @@ > > +## @file > > > > +# Instance of RNG (Random Number Generator) Library. > > > > +# > > > > +# BaseRng Library that uses the TimerLib to provide reasonably random > numbers. > > > > +# Do NOT use this on a production system as this uses the system > performance > > > > +# counter rather than a true source of random in addition to having a > weak > > > > +# random algorithm. This is provided primarily as a source of entropy > for > > > > +# OpenSSL for platforms that do not have a good built in RngLib as this > > > > +# emulates what was done before (though it isn't perfect). > > > > +# > > > > +# Copyright (c) Microsoft Corporation. All rights reserved.
> > > > +# > > > > +# SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +# > > > > +# > > > > +## > > > > + > > > > +[Defines] > > > > + INF_VERSION = 1.27 > > > > + BASE_NAME = BaseRngLibTimerLib > > > > + MODULE_UNI_FILE = BaseRngLibTimerLib.uni > > > > + FILE_GUID = 74950C45-10FC-4AB5-B114-49C87C17409B > > > > + MODULE_TYPE = BASE > > > > + VERSION_STRING = 1.0 > > > > + LIBRARY_CLASS = RngLib > > > > + CONSTRUCTOR = BaseRngLibConstructor > > > > + > > > > +[Sources] > > > > + RngLibTimer.c > > > > + > > > > +[Packages] > > > > + MdePkg/MdePkg.dec > > > > + > > > > +[LibraryClasses] > > > > + BaseLib > > > > + TimerLib > > > > diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni > b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni > > new file mode 100644 > > index 000000000000..fde24b9f0107 > > --- /dev/null > > +++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni > > @@ -0,0 +1,15 @@ > > +// @file > > > > +// Instance of RNG (Random Number Generator) Library. > > > > +// > > > > +// RngLib that uses TimerLib's performance counter to provide random > numbers. > > > > +// > > > > +// Copyright (c) Microsoft Corporation. > > > > +// > > > > +// SPDX-License-Identifier: BSD-2-Clause-Patent > > > > +// > > > > + > > > > + > > > > +#string STR_MODULE_ABSTRACT #language en-US "Instance of RNG > Library" > > > > + > > > > +#string STR_MODULE_DESCRIPTION #language en-US "BaseRng Library that > uses the TimerLib to provide low-entropy random numbers" > > > > + > > > > diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc > > index 472fa3777412..d7ba3a730909 100644 > > --- a/MdePkg/MdePkg.dsc > > +++ b/MdePkg/MdePkg.dsc > > @@ -62,6 +62,8 @@ > > MdePkg/Library/BasePostCodeLibPort80/BasePostCodeLibPort80.inf > > > > MdePkg/Library/BasePrintLib/BasePrintLib.inf > > > > > MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf > > > > + MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf > > > > + MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf > > > > MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNull.inf > > > > MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf > > > > MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf > > > > @@ -69,7 +71,6 @@ > > > MdePkg/Library/BaseUefiDecompressLib/BaseUefiTianoCustomDecompressLib.inf > > > > MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf > > > > MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf > > > > - MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf > > > > > > > > MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf > > > > MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf > > > > -- > > 2.28.0.windows.1 > > --000000000000e9396305ad5177e0 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Thank you Mike and Ard,

I'll definitely run EC= C and resolve the code nits=C2=A0as well as the other suggestions.

So the previous RNG code in OpenSSL just had a 10-microsec= ond delay in between=C2=A0every 2 bytes. We could go back to that and match= the behavior of before but as Mike pointed out, this approach suffers on s= ystems with slow timer libs. I know this particular Rng library isn't m= eant to be a good source of randomness and it is meant to offer a solution = to those who don't want to make the switch over to a good RngLib specif= ically for OpenSSL. That said, I don't see any reason why we can't = make this a better source of random. I don't think it would be quite N,= 2N, 3N, ...=C2=A0because of the variability in the delay mechanism but I d= o agree that it would be quite close to that. I'll throw out some optio= ns:

1. Implement a seeding mechanism that we mix i= n values with what we've previously generated. So that it's no=C2= =A0longer N, 2N, 3N but rather some sort of hashing of the two numbers or o= ther PRNG type system.
2. Use only 8 bits from the performance co= unter rather than 16. The idea here is that it would roll over more frequen= tly and you'd be more subject to randomness. The downside is that this = would take twice as long, which means to generate 64 bits of random data, i= t would take at least 12 performance timer ticks, which on systems where th= eir performance counters run in KHz rather than MHz or GHz, means you could= be looking at a delay of milliseconds rather than microseconds. I'd ar= gue in that case that the platform should use a real RngLib rather than use= this one if their timer is so slow, but that's beside the point.
=
3. Have some way of specifying the delay that is less deterministic? T= here are a few ways I can think of doing this but none are very good.I'= m open to suggestions.

-M= atthew Carlson


On Thu, Aug 20, 2020 at 8:21 AM K= inney, Michael D <michael.= d.kinney@intel.com> wrote:
Hi Matt,

Some comments inline below.

I also see come comments from Ard on this series about code style.
I did not provide feedback on the code style issues here (except for
a function header comment block style).

There is a tool called ECC (EFI Code Checker) that is now enabled in
EDK II CI.=C2=A0 Please run this checker locally and resolve all issues in<= br> your patch series.

Thanks,

Mike


> -----Original Message-----
> From: m= atthewfcarlson@gmail.com <matthewfcarlson@gmail.com>
> Sent: Wednesday, August 19, 2020 12:37 PM
> To: devel@ed= k2.groups.io
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>; Kinney, Michael D <michael.d.kinney@i= ntel.com>; Gao, Liming <liming.gao@intel.com>;
> Liu, Zhiguang <zhiguang.liu@intel.com>; Matthew Carlson <matthewfcarlson@gmail.com>
> Subject: [PATCH v8 1/5] MdePkg: TimerRngLib: Added RngLib that uses Ti= merLib
>
> From: Matthew Carlson <macarl@microsoft.com>
>
> Added a new RngLib that provides random numbers from the TimerLib
> using the performance counter. This is meant to be used for OpenSSL > to replicate past behavior. This should not be used in production as > a real source of entropy.
>
> Ref: https://github.com/tianocore/edk2/pull/845 > Ref: https://bugzilla.tianocore.org/show_b= ug.cgi?id=3D1871
>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Michael D Kinney <michael.d.kinney@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Zhiguang Liu <zhiguang.liu@intel.com>
> Signed-off-by: Matthew Carlson <matthewfcarlson@gmail.com>
> ---
>=C2=A0 MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c=C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 | 191 ++++++++++++++++++++
>=C2=A0 MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf |=C2=A0= 36 ++++
>=C2=A0 MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni |=C2=A0= 15 ++
>=C2=A0 MdePkg/MdePkg.dsc=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 |=C2=A0 =C2=A03 +-
>=C2=A0 4 files changed, 244 insertions(+), 1 deletion(-)
>
> diff --git a/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c b/MdePkg/= Library/BaseRngLibTimerLib/RngLibTimer.c
> new file mode 100644
> index 000000000000..c72aa335823d
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLibTimerLib/RngLibTimer.c
> @@ -0,0 +1,191 @@
> +/** @file
>
> +=C2=A0 BaseRng Library that uses the TimerLib to provide reasonably r= andom numbers.
>
> +=C2=A0 Do not use this on a production system.
>
> +
>
> +=C2=A0 Copyright (c) Microsoft Corporation.
>
> +=C2=A0 SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +**/
>
> +
>
> +#include <Base.h>
>
> +#include <Library/BaseLib.h>
>
> +#include <Library/DebugLib.h>
>
> +#include <Library/TimerLib.h>
>
> +
>
> +/**
>
> + * Using the TimerLib GetPerformanceCounterProperties() we delay
>
> + * for enough time for the PerformanceCounter to increment.
>
> + * Depending on your system


Please update the comments to describe that this function returns
delay in microseconds.=C2=A0 It does not actually do the delay.

>
> + *
>
> + * If the return value from GetPerformanceCounterProperties (TimerLib= )
>
> + * is zero, this function will not delay and attempt to assert.
>
> + */

Comment block style does not match EDK II style.=C2=A0 Remove extra '*&= #39;.


>
> +STATIC
>
> +UINT32
>
> +CalculateMinimumDecentDelayInMicroseconds (
>
> +=C2=A0 VOID
>
> +=C2=A0 )
>
> +{
>
> +=C2=A0 UINT64 StartValue;

Remove

>
> +=C2=A0 UINT64 EndValue;

Remove

>
> +=C2=A0 UINT64 CounterHz;
>
> +=C2=A0 UINT64 MinumumDelayInMicroSeconds;
>
> +
>
> +=C2=A0 // Get the counter properties
>
> +=C2=A0 CounterHz =3D GetPerformanceCounterProperties (&StartValue= , &EndValue);


Change to:

=C2=A0 =C2=A0 CounterHz =3D GetPerformanceCounterProperties (NULL, NULL);
>
> +=C2=A0 // Make sure we won't divide by zero
>
> +=C2=A0 if (CounterHz =3D=3D 0) {
>
> +=C2=A0 =C2=A0 ASSERT(CounterHz !=3D 0); // Assert so the developer kn= ows something is wrong
>
> +=C2=A0 =C2=A0 return;
>
> +=C2=A0 }
>
> +=C2=A0 // Calculate the minimum delay based on 1.5 microseconds divid= ed by the hertz.
>
> +=C2=A0 // We calculate the length of a cycle (1/CounterHz) and multip= ly it by 1.5 microseconds
>
> +=C2=A0 // This ensures that the performance counter has increased by = at least one
>
> +=C2=A0 return (UINT32)(MAX(DivU64x64Remainder(1500000 / CounterHz, NU= LL), 1));
>
> +}
>
> +
>
> +
>
> +/**
>
> +=C2=A0 Generates a 16-bit random number.
>
> +
>
> +=C2=A0 if Rand is NULL, then ASSERT().
>
> +
>
> +=C2=A0 @param[out] Rand=C2=A0 =C2=A0 =C2=A0Buffer pointer to store th= e 16-bit random value.
>
> +
>
> +=C2=A0 @retval TRUE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Random number ge= nerated successfully.
>
> +=C2=A0 @retval FALSE=C2=A0 =C2=A0 =C2=A0 =C2=A0 Failed to generate th= e random number.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +GetRandomNumber16 (
>
> +=C2=A0 OUT=C2=A0 =C2=A0 =C2=A0UINT16=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 *Rand
>
> +=C2=A0 )
>
> +{
>
> +=C2=A0 UINT32=C2=A0 Index;
>
> +=C2=A0 UINT8=C2=A0 *RandPtr;
>
> +=C2=A0 UINT32=C2=A0 DelayInMicroSeconds;
>
> +
>
> +=C2=A0 ASSERT (Rand !=3D NULL);
>
> +
>
> +=C2=A0 if (Rand =3D=3D NULL) {
>
> +=C2=A0 =C2=A0 return FALSE;
>
> +=C2=A0 }
>
> +=C2=A0 DelayInMicroSeconds =3D CalculateMinimumDecentDelayInMicroseco= nds ();
>
> +=C2=A0 RandPtr =3D (UINT8*)Rand;
>
> +=C2=A0 // Get 2 bytes of random ish data
>
> +=C2=A0 for (Index =3D 0; Index < 2; Index ++) {
>
> +=C2=A0 =C2=A0 *RandPtr =3D (UINT8)(GetPerformanceCounter () & 0xF= F);
>
> +=C2=A0 =C2=A0 // Delay to give the performance counter a chance to ch= ange
>
> +=C2=A0 =C2=A0 MicroSecondDelay (DelayInMicroSeconds);
>
> +=C2=A0 =C2=A0 RandPtr++;
>
> +=C2=A0 }
>
> +=C2=A0 return TRUE;
>
> +}
>
> +
>
> +/**
>
> +=C2=A0 Generates a 32-bit random number.
>
> +
>
> +=C2=A0 if Rand is NULL, then ASSERT().
>
> +
>
> +=C2=A0 @param[out] Rand=C2=A0 =C2=A0 =C2=A0Buffer pointer to store th= e 32-bit random value.
>
> +
>
> +=C2=A0 @retval TRUE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Random number ge= nerated successfully.
>
> +=C2=A0 @retval FALSE=C2=A0 =C2=A0 =C2=A0 =C2=A0 Failed to generate th= e random number.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +GetRandomNumber32 (
>
> +=C2=A0 OUT=C2=A0 =C2=A0 =C2=A0UINT32=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 *Rand
>
> +=C2=A0 )
>
> +{
>
> +=C2=A0 UINT32=C2=A0 Index;
>
> +=C2=A0 UINT8=C2=A0 *RandPtr;
>
> +=C2=A0 UINT32=C2=A0 DelayInMicroSeconds;
>
> +
>
> +=C2=A0 ASSERT (Rand !=3D NULL);
>
> +
>
> +=C2=A0 if (NULL =3D=3D Rand) {
>
> +=C2=A0 =C2=A0 return FALSE;
>
> +=C2=A0 }
>
> +
>
> +=C2=A0 RandPtr =3D (UINT8 *) Rand;
>
> +=C2=A0 DelayInMicroSeconds =3D CalculateMinimumDecentDelayInMicroseco= nds ();
>
> +=C2=A0 // Get 4 bytes of random ish data
>
> +=C2=A0 for (Index =3D 0; Index < 4; Index ++) {
>
> +=C2=A0 =C2=A0 *RandPtr =3D (UINT8) (GetPerformanceCounter () & 0x= FF);
>
> +=C2=A0 =C2=A0 // Delay to give the performance counter a chance to ch= ange
>
> +=C2=A0 =C2=A0 MicroSecondDelay (DelayInMicroSeconds);
>
> +=C2=A0 =C2=A0 RandPtr++;
>
> +=C2=A0 }
>
> +=C2=A0 return TRUE;
>
> +}
>
> +
>
> +/**
>
> +=C2=A0 Generates a 64-bit random number.
>
> +
>
> +=C2=A0 if Rand is NULL, then ASSERT().
>
> +
>
> +=C2=A0 @param[out] Rand=C2=A0 =C2=A0 =C2=A0Buffer pointer to store th= e 64-bit random value.
>
> +
>
> +=C2=A0 @retval TRUE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Random number ge= nerated successfully.
>
> +=C2=A0 @retval FALSE=C2=A0 =C2=A0 =C2=A0 =C2=A0 Failed to generate th= e random number.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +GetRandomNumber64 (
>
> +=C2=A0 OUT=C2=A0 =C2=A0 =C2=A0UINT64=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 *Rand
>
> +=C2=A0 )
>
> +{
>
> +=C2=A0 UINT32=C2=A0 Index;
>
> +=C2=A0 UINT8=C2=A0 *RandPtr;
>
> +=C2=A0 UINT32=C2=A0 DelayInMicroSeconds;
>
> +
>
> +=C2=A0 ASSERT (Rand !=3D NULL);
>
> +
>
> +=C2=A0 if (NULL =3D=3D Rand) {
>
> +=C2=A0 =C2=A0 return FALSE;
>
> +=C2=A0 }
>
> +
>
> +=C2=A0 RandPtr =3D (UINT8 *) Rand;
>
> +=C2=A0 DelayInMicroSeconds =3D CalculateMinimumDecentDelayInMicroseco= nds ();
>
> +=C2=A0 // Get 8 bytes of random ish data
>
> +=C2=A0 for (Index =3D 0; Index < 8; Index ++) {
>
> +=C2=A0 =C2=A0 *RandPtr =3D (UINT8)(GetPerformanceCounter () & 0xF= F);
>
> +=C2=A0 =C2=A0 // Delay to give the performance counter a chance to ch= ange
>
> +=C2=A0 =C2=A0 MicroSecondDelay (DelayInMicroSeconds);
>
> +=C2=A0 =C2=A0 RandPtr++;
>
> +=C2=A0 }
>
> +
>
> +=C2=A0 return TRUE;
>
> +}
>
> +
>
> +/**
>
> +=C2=A0 Generates a 128-bit random number.
>
> +
>
> +=C2=A0 if Rand is NULL, then ASSERT().
>
> +
>
> +=C2=A0 @param[out] Rand=C2=A0 =C2=A0 =C2=A0Buffer pointer to store th= e 128-bit random value.
>
> +
>
> +=C2=A0 @retval TRUE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Random number ge= nerated successfully.
>
> +=C2=A0 @retval FALSE=C2=A0 =C2=A0 =C2=A0 =C2=A0 Failed to generate th= e random number.
>
> +
>
> +**/
>
> +BOOLEAN
>
> +EFIAPI
>
> +GetRandomNumber128 (
>
> +=C2=A0 OUT=C2=A0 =C2=A0 =C2=A0UINT64=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 *Rand
>
> +=C2=A0 )
>
> +{
>
> +=C2=A0 ASSERT (Rand !=3D NULL);
>
> +=C2=A0 // This should take around 80ms


Update comment to remove mention of specific delay and match
similar comments in functions above.

>
> +
>
> +=C2=A0 // Read first 64 bits
>
> +=C2=A0 if (!GetRandomNumber64 (Rand)) {
>
> +=C2=A0 =C2=A0 return FALSE;
>
> +=C2=A0 }
>
> +
>
> +=C2=A0 // Read second 64 bits
>
> +=C2=A0 return GetRandomNumber64 (++Rand);
>
> +}
>
> diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf = b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> new file mode 100644
> index 000000000000..c499e5327351
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
> @@ -0,0 +1,36 @@
> +## @file
>
> +#=C2=A0 Instance of RNG (Random Number Generator) Library.
>
> +#
>
> +#=C2=A0 BaseRng Library that uses the TimerLib to provide reasonably = random numbers.
>
> +#=C2=A0 Do NOT use this on a production system as this uses the syste= m performance
>
> +#=C2=A0 counter rather than a true source of random in addition to ha= ving a weak
>
> +#=C2=A0 random algorithm. This is provided primarily as a source of e= ntropy for
>
> +#=C2=A0 OpenSSL for platforms that do not have a good built in RngLib= as this
>
> +#=C2=A0 emulates what was done before (though it isn't perfect).<= br> >
> +#
>
> +#=C2=A0 Copyright (c) Microsoft Corporation. All rights reserved.<= BR>
>
> +#
>
> +#=C2=A0 SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +#
>
> +#
>
> +##
>
> +
>
> +[Defines]
>
> +=C2=A0 INF_VERSION=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =3D 1.27
>
> +=C2=A0 BASE_NAME=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =3D BaseRngLibTimerLib
>
> +=C2=A0 MODULE_UNI_FILE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =3D BaseRngLibTimerLib.uni
>
> +=C2=A0 FILE_GUID=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =3D 74950C45-10FC-4AB5-B114-49C87C17409B
>
> +=C2=A0 MODULE_TYPE=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =3D BASE
>
> +=C2=A0 VERSION_STRING=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0= =C2=A0 =C2=A0=3D 1.0
>
> +=C2=A0 LIBRARY_CLASS=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =3D RngLib
>
> +=C2=A0 CONSTRUCTOR=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =3D BaseRngLibConstructor
>
> +
>
> +[Sources]
>
> +=C2=A0 RngLibTimer.c
>
> +
>
> +[Packages]
>
> +=C2=A0 MdePkg/MdePkg.dec
>
> +
>
> +[LibraryClasses]
>
> +=C2=A0 BaseLib
>
> +=C2=A0 TimerLib
>
> diff --git a/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni = b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni
> new file mode 100644
> index 000000000000..fde24b9f0107
> --- /dev/null
> +++ b/MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.uni
> @@ -0,0 +1,15 @@
> +// @file
>
> +// Instance of RNG (Random Number Generator) Library.
>
> +//
>
> +// RngLib that uses TimerLib's performance counter to provide ran= dom numbers.
>
> +//
>
> +// Copyright (c) Microsoft Corporation.
>
> +//
>
> +// SPDX-License-Identifier: BSD-2-Clause-Patent
>
> +//
>
> +
>
> +
>
> +#string STR_MODULE_ABSTRACT=C2=A0 =C2=A0 =C2=A0#language en-US "= Instance of RNG Library"
>
> +
>
> +#string STR_MODULE_DESCRIPTION=C2=A0 #language en-US "BaseRng Li= brary that uses the TimerLib to provide low-entropy random numbers" >
> +
>
> diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc
> index 472fa3777412..d7ba3a730909 100644
> --- a/MdePkg/MdePkg.dsc
> +++ b/MdePkg/MdePkg.dsc
> @@ -62,6 +62,8 @@
>=C2=A0 =C2=A0 MdePkg/Library/BasePostCodeLibPort80/BasePostCodeLibPort8= 0.inf
>
>=C2=A0 =C2=A0 MdePkg/Library/BasePrintLib/BasePrintLib.inf
>
>=C2=A0 =C2=A0 MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStat= usCodeLibNull.inf
>
> +=C2=A0 MdePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
>
> +=C2=A0 MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
>
>=C2=A0 =C2=A0 MdePkg/Library/BaseSerialPortLibNull/BaseSerialPortLibNul= l.inf
>
>=C2=A0 =C2=A0 MdePkg/Library/BaseSynchronizationLib/BaseSynchronization= Lib.inf
>
>=C2=A0 =C2=A0 MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullT= emplate.inf
>
> @@ -69,7 +71,6 @@
>=C2=A0 =C2=A0 MdePkg/Library/BaseUefiDecompressLib/BaseUefiTianoCustomD= ecompressLib.inf
>
>=C2=A0 =C2=A0 MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf
>
>=C2=A0 =C2=A0 MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf
>
> -=C2=A0 MdePkg/Library/BaseRngLibNull/BaseRngLibNull.inf
>
>
>
>=C2=A0 =C2=A0 MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf >
>=C2=A0 =C2=A0 MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf
>
> --
> 2.28.0.windows.1

--000000000000e9396305ad5177e0--