From: "Ard Biesheuvel"
Date: Sat, 11 May 2024 10:40:23 +0200
Subject: Re: [edk2-devel] 回复: [edk2-devel] [PATCH v2 03/13] OvmfPkg:PlatformCI: Support virtio-rng-pci
To: devel@edk2.groups.io, dougflick@microsoft.com
Cc: gaoliming, Gerd Hoffmann

As I pointed out before, on the ARM side there are a few intersecting issues with these changes.
(On x86, this is mostly avoided due to the fact that RDRAND is universally supported)

- the RNDR instructions are not widely available yet, and support has not yet been added to ArmVirtQemu IIRC
- the hypervisor TRNG service is only available when executing QEMU under KVM (true virtualization), or when running a firmware stack inside QEMU that implements it - QEMU itself does not expose this to guests when QEMU is acting as the hypervisor (TCG)
- the virtio-rng device needs to be activated explicitly on the command line

On the one hand, this means there are various ways to get entropy on /most/ systems, but it also means that the default use case of running QEMU on a non-ARM host (implying lack of KVM) without virtio-rng-pci will not have any EFI_RNG_PROTOCOL available. We might change this with RNDR but this will still leave some use cases behind (where a specific CPU is selected rather than 'max')

If the result of this series is that systems with an EFI_RNG_PROTOCOL implementation cannot boot at all, this is a problem. If it means they cannot boot from the network, I'd be less worried. And while adding -device virtio-rng-pci to the CI command lines was long overdue, doing so doesn't fix other deployments of QEMU with the bundled firmware, so something has to be done.

So we can at least clarify what the consequences are of attempting to run OVMF/ArmVirtQemu on a system that does not implement EFI_RNG_PROTOCOL at all? And then, make an informed decision on how to mitigate any resulting breakage?

On Fri, 10 May 2024 at 19:13, Doug Flick via groups.io wrote:
>
> At a high level, this isn't my project and I would look towards the maintainers to provide guidance about the direction they want to go.
>
> However,
>
> In my opinion, this is a debate on Security vs Compatibility. I'm biased more towards security, and I've tried to make it easy for a platform to understand what is happening with PcdEnforceSecureRngAlgorithms. If we default to default the platform never has the chance to understand what Rng Algorithms they provide and if that is a problem for them. Default is obviously the most compatible but it's also the one that may or may not be backed by something insecure. Which is why I would prefer if a platform acknowledges that they know it's backed by something secure or if not it's an active decision.
>

View/Reply Online (#118831): https://edk2.groups.io/g/devel/message/118831
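
Added example, not part of the original message or of the edk2 tree: a CI guard that classifies a qemu-system-aarch64 command line by the entropy sources listed in the message above. The function names, the source labels and the sample command lines (including FIRMWARE.fd) are constructed for illustration; RNDR is deliberately not counted, since the message says ArmVirtQemu does not support it yet.

```sh
#!/bin/sh
# Print the entropy sources a guest firmware could use to back
# EFI_RNG_PROTOCOL for the given QEMU argv, or "none".
#   hypervisor-trng : QEMU runs under KVM
#   virtio-rng      : -device virtio-rng-pci given explicitly
rng_sources() {
    virtio=0
    kvm=0
    prev=""
    for arg in "$@"; do
        # Match option/value pairs, e.g. "-device virtio-rng-pci,rng=rng0".
        case "$prev $arg" in
            "-device virtio-rng-pci"*)               virtio=1 ;;
            "-accel kvm"*)                           kvm=1 ;;
            "-machine "*accel=kvm*|"-M "*accel=kvm*) kvm=1 ;;
        esac
        if [ "$arg" = "-enable-kvm" ]; then kvm=1; fi
        prev=$arg
    done
    out=""
    if [ "$kvm" -eq 1 ]; then out="hypervisor-trng"; fi
    if [ "$virtio" -eq 1 ]; then out="${out:+$out }virtio-rng"; fi
    echo "${out:-none}"
}

# Exit status 0 when at least one source is present; use as a CI gate.
has_rng_source() {
    [ "$(rng_sources "$@")" != "none" ]
}

# Constructed command lines: TCG without virtio-rng (the gap described in
# the message), then the same guest with the device added.
echo "tcg, no rng device: $(rng_sources qemu-system-aarch64 -M virt -cpu max -bios FIRMWARE.fd)"
echo "tcg + virtio-rng  : $(rng_sources qemu-system-aarch64 -M virt -cpu max -bios FIRMWARE.fd -device virtio-rng-pci)"
```

A "none" result identifies the configuration the message warns about, where the firmware has no EFI_RNG_PROTOCOL provider at all.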