From: "Ard Biesheuvel via groups.io"
Date: Wed, 4 Sep 2024 14:05:13 +0200
Subject: Re: [edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib
To: Pierre.Gondois@arm.com
Cc: devel@edk2.groups.io, sami.mujawar@arm.com, Thomas Abraham

On Wed, 4 Sept 2024 at 13:39, wrote:
>
> From: Pierre Gondois
>
> Juno's RngLib implementation is:
>
> - BaseRngLib.inf if a secure RngLib is enforced
> - BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated
>
> BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
> returns a DRBG-generated random number. The DRBG used is considered
> as secure.
> The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
> support it.
>
> When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
> the Juno cannot generate secure random numbers through the RngLib.
> Secure random numbers could be generated by using the Juno's TRNG.
> This can be done by:
>
> - using the RngDxeLib implementation of the RngLib
> - RngDxeLib relies on the RngDxe
> - the RngDxe has access to the TRNG
>
> Pierre Gondois (3):
>   Platform/ARM: Place MdeLibs.dsc.inc as the first include
>   Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg
>   Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation
>

Reviewed-by: Ard Biesheuvel

Please ping me when this can be merged.