From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
 by mx.groups.io with SMTP id smtpd.web10.1192.1678124234293164014
 for <devel@edk2.groups.io>;
 Mon, 06 Mar 2023 09:37:14 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@kernel.org header.s=k20201202 header.b=JGiBrEIA;
 spf=pass (domain: kernel.org, ip: 145.40.68.75, mailfrom: ardb@kernel.org)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ams.source.kernel.org (Postfix) with ESMTPS id 1D60CB80FE1
	for <devel@edk2.groups.io>; Mon,  6 Mar 2023 17:37:12 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id BB0D0C433EF
	for <devel@edk2.groups.io>; Mon,  6 Mar 2023 17:37:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1678124230;
	bh=/okAwgNU8eHR7J7UQxNRtjHOIABNVpi5/NuYzsnInjw=;
	h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
	b=JGiBrEIA6DH3QCZwmVPvKns40BFSNG9gO2EneFvh7evcVjzt7u9T6tzQAhLkNF10/
	 SIX2bWELPjOJvH3P+RCjcS0OjV9kNP7ReSzoTqU0DfJ/JtQml5lHWr1fz6Q33RIxeV
	 pCK1KlAtCLHto5iWQyILcurK/9dB7BsEvoz3ijZ17JJY+9dn01ZwzokWWw4w6ne1wK
	 +DePR0zRO9T5SWhSpwaTXgKO7i0pB4FW+vTJYLakyheMBda1iyqE/5S2r6CQL35dmm
	 P3ho2HpBtBrxoownPvS2yeoGxT9U/y9ssJNtpWJuKqQI2fqasTTxIIxgHWaKvtruLD
	 KCgw0riKLtuiA==
Received: by mail-lf1-f50.google.com with SMTP id d36so10659292lfv.8
        for <devel@edk2.groups.io>; Mon, 06 Mar 2023 09:37:10 -0800 (PST)
X-Gm-Message-State: AO0yUKVurm8TMXE/7ys33gG6UhqURodRMDQEbP48tYljyzIuKc/PyuMX
	jdTHjZvWv+6C6zST6FbJTUf604i65MbPdTLkLl0=
X-Google-Smtp-Source: AK7set/kY9b48YzeCeqcTDdkPmWYrWwRl5bxRYr16oBrAajYB277d9vhs9Mv0dLM2OfWEwc+DPB8HbN1qrbTKBvAzK0=
X-Received: by 2002:ac2:545a:0:b0:4dc:807a:d143 with SMTP id
 d26-20020ac2545a000000b004dc807ad143mr3344126lfn.7.1678124228719; Mon, 06 Mar
 2023 09:37:08 -0800 (PST)
MIME-Version: 1.0
References: <20221124161756.216996-1-Pierre.Gondois@arm.com>
 <CAMj1kXG5c7C0R6Vsw6j0uYF7uY6FHFyVaGyfLu3zZ1MhuiSV_Q@mail.gmail.com>
 <172BC2FE233A5592.368@groups.io> <19cafc02-6589-462c-e200-00018486bb1f@arm.com>
 <17426C66FE22D73E.5513@groups.io> <9404e123-ff27-f184-a63b-a587f842f428@arm.com>
 <MW4PR11MB587215F6039BC6F3F2676FFD8CB69@MW4PR11MB5872.namprd11.prod.outlook.com>
 <CAMj1kXH_V89-smbOxwt8jXbnLA42Jp0t=6m_CvFj8Jn=S3azXw@mail.gmail.com> <a5a30666-6f61-0de5-c426-9d9250d1d623@arm.com>
In-Reply-To: <a5a30666-6f61-0de5-c426-9d9250d1d623@arm.com>
From: "Ard Biesheuvel" <ardb@kernel.org>
Date: Mon, 6 Mar 2023 18:36:57 +0100
X-Gmail-Original-Message-ID: <CAMj1kXFFa1PCBpNQ3EBRgFbPj+rC2pKUDcniE_MF2t68oix5Tg@mail.gmail.com>
Message-ID: <CAMj1kXFFa1PCBpNQ3EBRgFbPj+rC2pKUDcniE_MF2t68oix5Tg@mail.gmail.com>
Subject: Re: [edk2-devel] [PATCH v3 0/4] ArmPkg/SecurityPkg: Fixes for ArmTrngLib/RngDxe
To: Pierre Gondois <pierre.gondois@arm.com>
Cc: "Yao, Jiewen" <jiewen.yao@intel.com>, "devel@edk2.groups.io" <devel@edk2.groups.io>, 
	Leif Lindholm <leif@nuviainc.com>, Sami Mujawar <sami.mujawar@arm.com>, 
	"Wang, Jian J" <jian.j.wang@intel.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, 6 Mar 2023 at 18:09, Pierre Gondois <pierre.gondois@arm.com> wrote:
>
> Hello Jiewen, Ard,
> Thanks for the review.
>
> On 3/6/23 17:22, Ard Biesheuvel wrote:
> > On Mon, 6 Mar 2023 at 16:42, Yao, Jiewen <jiewen.yao@intel.com> wrote:
> >>
> >> Hi Pierre
> >> I don=E2=80=99t have strong opinion.
> >>
> >> For ARM specific patch, would you please get R-B from ARM expert?
> >>
> >> I think we need to wait for the response from Ard to confirm.
> >>
> >
> > These patches
> >
> >    SecurityPkg/RngDxe: Correctly update mAvailableAlgoArrayCount
> >    SecurityPkg/RngDxe: Conditionally install EFI_RNG_PROTOCOL
> >
> > Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
> >
> > Jiewen, if you don't mind, I will merge those right away.
> >
> > For the remaining patch, I am not sure I understand why the behavior
> > regarding the zero GUID is correct. Perhaps we could
> > revisit/resend/review that patch in isolation?
>
> About the zero GUID, the PcdCpuRngSupportedAlgorithm allows to describe
> the platform specific rng algorithm used. However KvmTool could run
> on any platform, so PcdCpuRngSupportedAlgorithm cannot be set to a proper
> GUID value.

OK so the problem is that we don't know which exact algorithm is being
used to back the RNDR/RNDRRS system registers?

In that case, we just invent a GUID and document it as 'unspecified
NIST SP800-90A Rev 1 conformant algorithm', and use that as the
default.

Then, we can treat the zero guid as 'not implemented', and ignore it.
That means not installing the RNG protocol at all if neither the
system register nor the hypercall based RNG is available.


> A zero GUID is not really compliant to the UEFI spec (s37.5.1 EFI RNG
> Algorithm Definitions), but I am not sure which other choice could be
> made,
>
> I'm not sure this was your question, please let know if it wasn't,
>