Re: [edk2-devel] Assistance Needed: ArmVirtPkg

["Ard Biesheuvel" <ardb@kernel.org>]

On Tue, 7 May 2024 at 00:22, Doug Flick <dougflick@microsoft.com> wrote:
>
> All,
>
> In order to patch Tianocore Bugzilla issues and CVEs:
>  4541 – Bug 08 - edk2/NetworkPkg: Predictable TCP ISNs (tianocore.org)
> and
> 4542 – Bug 09 - edk2/NetworkPkg: Use of a Weak PseudoRandom Number Generator (tianocore.org)
>
> I've added as a dependency Hash2CryptoDxe and RngDxe lib to NetworkPkg. I've been able to add the relevant libraries to the DSCs of OvmfPkg and EmulatorPkg however I'm seeing odd behavior with ArmVirtPkg.
>
> Would someone more knowledgeable with ArmVirtPkg take a look this PR.
>
> PixieFail #8 and #9 TCBZ4541 and TCBZ4542 by Flickdm · Pull Request #5582 · tianocore/edk2 (github.com)
>
> The issue was introduced in the commit "ArmVirtPkg: : Add RngDxe to ArmVirtPkg"
>
> Right now PlatformCI_ArmVirtPkg_Ubuntu_GCC5_PR is crashing

You need to configure the TrngLib to use either secure monitor calls
or hypervisor calls, and this might be different depending on the
context:

- ordinary VMs running under proper virtualization will execute at EL1
under a hypervisor that implements the TRNG service, so it can only
use HVC (and SMC will trap, as you've experienced)

- QEMU itself does not implement the TRNG service (to my knowledge) so
running a VM under TCG emulation of EL1 will not have access to the
TRNG

- other emulation modes of QEMU may run the firmware in a different
way, where SMC is actually appropriate, and this could be either EL1
or EL2.

This makes it slightly awkward to decide whether or not to dispatch
RngDxe, and this is why nobody has gotten around to it (and I forgot
about this tbh)


TL;DR

building with --pcd PcdMonitorConduitHvc=TRUE will avoid the crash but
may not result in a usable RngDxe


It also seems to me that those network drivers will now need to DEPEX
on the RNG protocol, as they may get dispatched too early otherwise:

Failed to generate random data using secure algorithm 0: Unsupported
Failed to generate random data using secure algorithm 1: Unsupported
Failed to generate random data using secure algorithm 2: Unsupported

ASSERT_EFI_ERROR (Status = Unsupported)
ASSERT [Udp4Dxe] DxeNetLib.c(973): !(((INTN)(RETURN_STATUS)(Status)) < 0)
QEMU: Terminated

This is with -device virtio-rng-pci and the VirtioRngDxe driver (which
is already included in OVMF and ArmVirtQemu) but the driver dispatches
before the driver model can instantiate the protocol.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#118646): https://edk2.groups.io/g/devel/message/118646
Mute This Topic: https://groups.io/mt/105949609/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-