From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by mx.groups.io with SMTP id smtpd.web10.8168.1668765369479335989 for ; Fri, 18 Nov 2022 01:56:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=t9iSNwis; spf=pass (domain: kernel.org, ip: 145.40.68.75, mailfrom: ardb@kernel.org) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9EFB8B81B99 for ; Fri, 18 Nov 2022 09:56:07 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 58B23C4347C for ; Fri, 18 Nov 2022 09:56:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1668765366; bh=0PEgEExRXSsh5ZxaLmciJ5WvwUp5NlwENlxDuCtvkbc=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=t9iSNwisuy3J+SSNAu7OAfqTP3uOdzCej7u+wCNN4V9BnehJ1pnNvElv5JljLy75O ViumqiIFTYVzojsDZtUxU+5rwnBGHyiW9bVC2fh1uU/Wo/ao4cX8JGz3550c03tiYO K/yBwCI6Zmh4Slplo6UofIeZc3nRB8YiZjrbTV7Swc0gBqlR/Q55mldYAGhcBEnFT4 sSQjN5pXPwKbjSuMF44qqb9NQk/BorqFwKzWopQ9H5U9oJ8aRedw5APNW+LV5U58V+ 5rSNoV1MEjpOCtomtMEY2L+Bny+Ggd+fwd6mx9i46Cj7S4uT6+KpeL0G29+M0Sq9pU JRgxnwWoWOilg== Received: by mail-lf1-f45.google.com with SMTP id a29so7348238lfj.9 for ; Fri, 18 Nov 2022 01:56:06 -0800 (PST) X-Gm-Message-State: ANoB5pkMxDtmp4Fp3IUQAPgrbfC+qqD27GVKipPR+CfLrhDq5s8VoNjQ twFC4mCAQvbl0vY3kpSFsrQqHQpqicUzq0mH/wg= X-Google-Smtp-Source: AA0mqf7HoeHJxHL2HrAqS0+JrL6t6md99L3FVBEDMAp3dpWiCcp3Sw/gWt6ExcFfIkFqTNzw2qMtMeVAUmsBuZg8fL0= X-Received: by 2002:a05:6512:3e2a:b0:4ab:534b:1b2c with SMTP id i42-20020a0565123e2a00b004ab534b1b2cmr2017787lfv.426.1668765364317; Fri, 18 Nov 2022 01:56:04 -0800 (PST) MIME-Version: 1.0 References: <20221116150149.2200368-1-Pierre.Gondois@arm.com> In-Reply-To: <20221116150149.2200368-1-Pierre.Gondois@arm.com> From: "Ard Biesheuvel" Date: Fri, 18 Nov 2022 10:55:53 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [edk2-devel] [PATCH v2 1/1] SecurityPkg/RngDxe: Fix Rng algo selection for Arm To: devel@edk2.groups.io, pierre.gondois@arm.com Cc: Sami Mujawar , Ard Biesheuvel , Liming Gao , Jiewen Yao , Jian J Wang Content-Type: text/plain; charset="UTF-8" On Wed, 16 Nov 2022 at 16:02, PierreGondois wrote: > > From: Pierre Gondois > > BZ: https://bugzilla.tianocore.org/show_bug.cgi?id=4151 > > The EFI_RNG_PROTOCOL can advertise multiple algorithms through > Guids. The PcdCpuRngSupportedAlgorithm contains a Guid that > can be configured. It represents the algorithm used in RngLib. > PcdCpuRngSupportedAlgorithm is set to the Zero Guid for KvmTool. > > When running KvmTool on a platform platform only having the RngLib, > the only Guid available for EFI_RNG_PROTOCOL will be the zero Guid. > > To select the default algorithm in EFI_RNG_PROTOCOL.GetRng(): > a. Zero Guids are skipped > b. If no algorithm is found, an ASSERT is triggered > > To allow using the RngLib to be used for the case above, Zero Guids > should not be skipped (a.). > If no algorithm is found, don't prevent from booting on DEBUG builds > (b.). > > Allow Zero Guids to be selected and don't ASSERT if no algorithm is > found. Also simplify the selection of the Rng algorithm when the > default one is selected by just picking up the first element of > mAvailableAlgoArray. > > Reported-by: Sami Mujawar > Signed-off-by: Pierre Gondois I am still confused by this. Does this mean we might register the RNG protocol if we don't have anything to back it up? > --- > > Notes: > v2: > - Reformulate commit message. > - Do not warn if no algorithm is found as the message > would be printed on non-Arm platforms. > > .../RandomNumberGenerator/RngDxe/ArmRngDxe.c | 15 +++------------ > 1 file changed, 3 insertions(+), 12 deletions(-) > > diff --git a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c > index 5ba319899ce9..722d53386373 100644 > --- a/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c > +++ b/SecurityPkg/RandomNumberGenerator/RngDxe/ArmRngDxe.c > @@ -76,7 +76,6 @@ RngGetRNG ( > ) > { > EFI_STATUS Status; > - UINTN Index; > > if ((This == NULL) || (RNGValueLength == 0) || (RNGValue == NULL)) { > return EFI_INVALID_PARAMETER; > @@ -86,21 +85,13 @@ RngGetRNG ( > // > // Use the default RNG algorithm if RNGAlgorithm is NULL. > // > - for (Index = 0; Index < mAvailableAlgoArrayCount; Index++) { > - if (!IsZeroGuid (&mAvailableAlgoArray[Index])) { > - RNGAlgorithm = &mAvailableAlgoArray[Index]; > - goto FoundAlgo; > - } > - } > - > - if (Index == mAvailableAlgoArrayCount) { > - // No algorithm available. > - ASSERT (Index != mAvailableAlgoArrayCount); > + if (mAvailableAlgoArrayCount != 0) { > + RNGAlgorithm = &mAvailableAlgoArray[0]; > + } else { > return EFI_DEVICE_ERROR; > } > } > > -FoundAlgo: > if (CompareGuid (RNGAlgorithm, PcdGetPtr (PcdCpuRngSupportedAlgorithm))) { > Status = RngGetBytes (RNGValueLength, RNGValue); > return Status; > -- > 2.25.1 > > > > ------------ > Groups.io Links: You receive all messages sent to this group. > View/Reply Online (#96434): https://edk2.groups.io/g/devel/message/96434 > Mute This Topic: https://groups.io/mt/95067856/5717338 > Group Owner: devel+owner@edk2.groups.io > Unsubscribe: https://edk2.groups.io/g/devel/unsub [ardb+tianocore@kernel.org] > ------------ > >