* Re: [edk2-devel] [PATCH 00/11] Use proper entropy sources [not found] <15D6E5DF9619E96C.9269@groups.io> @ 2019-11-14 2:19 ` Wang, Jian J 0 siblings, 0 replies; 3+ messages in thread From: Wang, Jian J @ 2019-11-14 2:19 UTC (permalink / raw) To: devel@edk2.groups.io, Wang, Jian J Cc: Ard Biesheuvel, Bret Barkelew, Zhang, Chao B, Wu, Jiaxin, Yao, Jiewen, Justen, Jordan L, Laszlo Ersek, Leif Lindholm, Gao, Liming, Rabeda, Maciej, Matthew Carlson, Kinney, Michael D, Ni, Ray, Sean Brogan, Fu, Siyuan, Lu, XiaoyuX The patches can also be found at in my fork in github https://github.com/jwang36/edk2/tree/fix-bz1871-use-proper-entropy-sources-v1 Regards, Jian > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Wang, Jian > J > Sent: Thursday, November 14, 2019 10:18 AM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Bret Barkelew > <bret.barkelew@microsoft.com>; Zhang, Chao B <chao.b.zhang@intel.com>; > Wu, Jiaxin <jiaxin.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Justen, > Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Leif > Lindholm <leif.lindholm@linaro.org>; Gao, Liming <liming.gao@intel.com>; > Rabeda, Maciej <maciej.rabeda@intel.com>; Matthew Carlson > <macarl@microsoft.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Ni, > Ray <ray.ni@intel.com>; Sean Brogan <sean.brogan@microsoft.com>; Fu, > Siyuan <siyuan.fu@intel.com>; Lu, XiaoyuX <xiaoyux.lu@intel.com> > Subject: [edk2-devel] [PATCH 00/11] Use proper entropy sources > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1871 > > Patch series summary: > - Add BaseRngLibNull to package dsc > - Add DxeRngLibRngProtocol to make use EFI_RNG_PROTOCOL > - Add RdSeed interface and RngLibRdSeed for IA32/X64 arch > - Remove following files > rand_pool_noise.h > rand_pool_noise_tsc.c > rand_pool_noise.c > - Update rand_pool.c to use RngLib interface directly > and the drop the TimerLib depenency from OpensslLib > - Update OVMF platform dsc to use DxeRngLibRngProtocol > when necessary > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Bret Barkelew <bret.barkelew@microsoft.com> > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Jiaxin Wu <jiaxin.wu@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Jordan Justen <jordan.l.justen@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Leif Lindholm <leif.lindholm@linaro.org> > Cc: Liming Gao <liming.gao@intel.com> > Cc: Maciej Rabeda <maciej.rabeda@intel.com> > Cc: Matthew Carlson <macarl@microsoft.com> > Cc: Michael D Kinney <michael.d.kinney@intel.com> > Cc: Ray Ni <ray.ni@intel.com> > Cc: Sean Brogan <sean.brogan@microsoft.com> > Cc: Siyuan Fu <siyuan.fu@intel.com> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> > > Jian J Wang (11): > NetworkPkg/NetworkPkg.dsc: specify RngLib instance for build > SignedCapsulePkg/SignedCapsulePkg.dsc: specify RngLib instances > FmpDevicePkg/FmpDevicePkg.dsc: specify RngLib instances in dsc files > MdePkg/BaseLib: add interface to wrap rdseed IA instruction > SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed > SecurityPkg/DxeRngLibRngProtocol: add RNG protocol version of RngLib > SecurityPkg/SecurityPkg.dsc: add new RngLib instances for build > OvmfPkg: specify RngLib instances in dsc files > ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances in dsc files > CryptoPkg/OpensslLib: use RngLib to get high quality random entropy > FmpDevicePkg/FmpDevicePkg.dsc: remove TimerLib instance > > ArmVirtPkg/ArmVirt.dsc.inc | 2 + > CryptoPkg/CryptoPkg.dsc | 1 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > .../Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > CryptoPkg/Library/OpensslLib/rand_pool.c | 253 ++---------------- > .../Library/OpensslLib/rand_pool_noise.c | 29 -- > .../Library/OpensslLib/rand_pool_noise.h | 29 -- > .../Library/OpensslLib/rand_pool_noise_tsc.c | 43 --- > FmpDevicePkg/FmpDevicePkg.dsc | 2 +- > MdePkg/Include/Library/BaseLib.h | 51 ++++ > MdePkg/Library/BaseLib/BaseLib.inf | 4 + > MdePkg/Library/BaseLib/BaseLibInternals.h | 46 ++++ > MdePkg/Library/BaseLib/Ia32/RdSeed.nasm | 87 ++++++ > MdePkg/Library/BaseLib/X64/RdSeed.nasm | 80 ++++++ > MdePkg/Library/BaseLib/X86RdSeed.c | 73 +++++ > NetworkPkg/NetworkPkg.dsc | 1 + > OvmfPkg/OvmfPkgIa32.dsc | 5 + > OvmfPkg/OvmfPkgIa32X64.dsc | 5 + > OvmfPkg/OvmfPkgX64.dsc | 5 + > OvmfPkg/OvmfXen.dsc | 5 + > .../DxeRngLibRngProtocol.c | 200 ++++++++++++++ > .../DxeRngLibRngProtocol.inf | 42 +++ > .../DxeRngLibRngProtocol.uni | 14 + > .../RngLibRdSeed/RngLibRdSeed.inf | 37 +++ > .../RngLibRdSeed/RngLibRdSeed.uni | 18 ++ > .../RngLibRdSeed/RngRdSeed.c | 189 +++++++++++++ > SecurityPkg/SecurityPkg.dsc | 6 + > SignedCapsulePkg/SignedCapsulePkg.dsc | 6 + > 28 files changed, 909 insertions(+), 354 deletions(-) > delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c > delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h > delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > create mode 100644 MdePkg/Library/BaseLib/Ia32/RdSeed.nasm > create mode 100644 MdePkg/Library/BaseLib/X64/RdSeed.nasm > create mode 100644 MdePkg/Library/BaseLib/X86RdSeed.c > create mode 100644 > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRngLibRngPr > otocol.c > create mode 100644 > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRngLibRngPr > otocol.inf > create mode 100644 > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRngLibRngPr > otocol.uni > create mode 100644 > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRdSeed.inf > create mode 100644 > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRdSeed.uni > create mode 100644 > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdSeed.c > > -- > 2.17.1.windows.2 > > > ^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 00/11] Use proper entropy sources
@ 2019-11-14 2:17 Wang, Jian J
2019-11-14 4:21 ` [edk2-devel] " Michael D Kinney
0 siblings, 1 reply; 3+ messages in thread
From: Wang, Jian J @ 2019-11-14 2:17 UTC (permalink / raw)
To: devel
Cc: Ard Biesheuvel, Bret Barkelew, Chao Zhang, Jiaxin Wu, Jiewen Yao,
Jordan Justen, Laszlo Ersek, Leif Lindholm, Liming Gao,
Maciej Rabeda, Matthew Carlson, Michael D Kinney, Ray Ni,
Sean Brogan, Siyuan Fu, Xiaoyu Lu
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1871
Patch series summary:
- Add BaseRngLibNull to package dsc
- Add DxeRngLibRngProtocol to make use EFI_RNG_PROTOCOL
- Add RdSeed interface and RngLibRdSeed for IA32/X64 arch
- Remove following files
rand_pool_noise.h
rand_pool_noise_tsc.c
rand_pool_noise.c
- Update rand_pool.c to use RngLib interface directly
and the drop the TimerLib depenency from OpensslLib
- Update OVMF platform dsc to use DxeRngLibRngProtocol
when necessary
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Bret Barkelew <bret.barkelew@microsoft.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jordan Justen <jordan.l.justen@intel.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Liming Gao <liming.gao@intel.com>
Cc: Maciej Rabeda <maciej.rabeda@intel.com>
Cc: Matthew Carlson <macarl@microsoft.com>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Ray Ni <ray.ni@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Xiaoyu Lu <xiaoyux.lu@intel.com>
Jian J Wang (11):
NetworkPkg/NetworkPkg.dsc: specify RngLib instance for build
SignedCapsulePkg/SignedCapsulePkg.dsc: specify RngLib instances
FmpDevicePkg/FmpDevicePkg.dsc: specify RngLib instances in dsc files
MdePkg/BaseLib: add interface to wrap rdseed IA instruction
SecurityPkg/RngLibRdSeed: add an instance of RngLib to make use rdseed
SecurityPkg/DxeRngLibRngProtocol: add RNG protocol version of RngLib
SecurityPkg/SecurityPkg.dsc: add new RngLib instances for build
OvmfPkg: specify RngLib instances in dsc files
ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances in dsc files
CryptoPkg/OpensslLib: use RngLib to get high quality random entropy
FmpDevicePkg/FmpDevicePkg.dsc: remove TimerLib instance
ArmVirtPkg/ArmVirt.dsc.inc | 2 +
CryptoPkg/CryptoPkg.dsc | 1 +
CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +-
.../Library/OpensslLib/OpensslLibCrypto.inf | 15 +-
CryptoPkg/Library/OpensslLib/rand_pool.c | 253 ++----------------
.../Library/OpensslLib/rand_pool_noise.c | 29 --
.../Library/OpensslLib/rand_pool_noise.h | 29 --
.../Library/OpensslLib/rand_pool_noise_tsc.c | 43 ---
FmpDevicePkg/FmpDevicePkg.dsc | 2 +-
MdePkg/Include/Library/BaseLib.h | 51 ++++
MdePkg/Library/BaseLib/BaseLib.inf | 4 +
MdePkg/Library/BaseLib/BaseLibInternals.h | 46 ++++
MdePkg/Library/BaseLib/Ia32/RdSeed.nasm | 87 ++++++
MdePkg/Library/BaseLib/X64/RdSeed.nasm | 80 ++++++
MdePkg/Library/BaseLib/X86RdSeed.c | 73 +++++
NetworkPkg/NetworkPkg.dsc | 1 +
OvmfPkg/OvmfPkgIa32.dsc | 5 +
OvmfPkg/OvmfPkgIa32X64.dsc | 5 +
OvmfPkg/OvmfPkgX64.dsc | 5 +
OvmfPkg/OvmfXen.dsc | 5 +
.../DxeRngLibRngProtocol.c | 200 ++++++++++++++
.../DxeRngLibRngProtocol.inf | 42 +++
.../DxeRngLibRngProtocol.uni | 14 +
.../RngLibRdSeed/RngLibRdSeed.inf | 37 +++
.../RngLibRdSeed/RngLibRdSeed.uni | 18 ++
.../RngLibRdSeed/RngRdSeed.c | 189 +++++++++++++
SecurityPkg/SecurityPkg.dsc | 6 +
SignedCapsulePkg/SignedCapsulePkg.dsc | 6 +
28 files changed, 909 insertions(+), 354 deletions(-)
delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.c
delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise.h
delete mode 100644 CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c
create mode 100644 MdePkg/Library/BaseLib/Ia32/RdSeed.nasm
create mode 100644 MdePkg/Library/BaseLib/X64/RdSeed.nasm
create mode 100644 MdePkg/Library/BaseLib/X86RdSeed.c
create mode 100644 SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRngLibRngProtocol.c
create mode 100644 SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRngLibRngProtocol.inf
create mode 100644 SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/DxeRngLibRngProtocol.uni
create mode 100644 SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRdSeed.inf
create mode 100644 SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRdSeed.uni
create mode 100644 SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdSeed.c
--
2.17.1.windows.2
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [edk2-devel] [PATCH 00/11] Use proper entropy sources 2019-11-14 2:17 Wang, Jian J @ 2019-11-14 4:21 ` Michael D Kinney 2019-11-14 5:15 ` Wang, Jian J 0 siblings, 1 reply; 3+ messages in thread From: Michael D Kinney @ 2019-11-14 4:21 UTC (permalink / raw) To: devel@edk2.groups.io, Wang, Jian J, Kinney, Michael D Cc: Ard Biesheuvel, Bret Barkelew, Zhang, Chao B, Wu, Jiaxin, Yao, Jiewen, Justen, Jordan L, Laszlo Ersek, Leif Lindholm, Gao, Liming, Rabeda, Maciej, Matthew Carlson, Ni, Ray, Sean Brogan, Fu, Siyuan, Lu, XiaoyuX Jian, In this patch series I see mixed use of different RngLib instances. How does a platform developer working on their DSC file know if the BaseCryptLib services they are using require a Null or a complete implementation of the RngLib? How does a platform developer know if they made the wrong choice. Thanks, Mike > -----Original Message----- > From: devel@edk2.groups.io <devel@edk2.groups.io> On > Behalf Of Wang, Jian J > Sent: Wednesday, November 13, 2019 6:18 PM > To: devel@edk2.groups.io > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Bret > Barkelew <bret.barkelew@microsoft.com>; Zhang, Chao B > <chao.b.zhang@intel.com>; Wu, Jiaxin > <jiaxin.wu@intel.com>; Yao, Jiewen > <jiewen.yao@intel.com>; Justen, Jordan L > <jordan.l.justen@intel.com>; Laszlo Ersek > <lersek@redhat.com>; Leif Lindholm > <leif.lindholm@linaro.org>; Gao, Liming > <liming.gao@intel.com>; Rabeda, Maciej > <maciej.rabeda@intel.com>; Matthew Carlson > <macarl@microsoft.com>; Kinney, Michael D > <michael.d.kinney@intel.com>; Ni, Ray > <ray.ni@intel.com>; Sean Brogan > <sean.brogan@microsoft.com>; Fu, Siyuan > <siyuan.fu@intel.com>; Lu, XiaoyuX > <xiaoyux.lu@intel.com> > Subject: [edk2-devel] [PATCH 00/11] Use proper entropy > sources > > REF: > https://bugzilla.tianocore.org/show_bug.cgi?id=1871 > > Patch series summary: > - Add BaseRngLibNull to package dsc > - Add DxeRngLibRngProtocol to make use > EFI_RNG_PROTOCOL > - Add RdSeed interface and RngLibRdSeed for IA32/X64 > arch > - Remove following files > rand_pool_noise.h > rand_pool_noise_tsc.c > rand_pool_noise.c > - Update rand_pool.c to use RngLib interface directly > and the drop the TimerLib depenency from OpensslLib > - Update OVMF platform dsc to use DxeRngLibRngProtocol > when necessary > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > Cc: Bret Barkelew <bret.barkelew@microsoft.com> > Cc: Chao Zhang <chao.b.zhang@intel.com> > Cc: Jiaxin Wu <jiaxin.wu@intel.com> > Cc: Jiewen Yao <jiewen.yao@intel.com> > Cc: Jordan Justen <jordan.l.justen@intel.com> > Cc: Laszlo Ersek <lersek@redhat.com> > Cc: Leif Lindholm <leif.lindholm@linaro.org> > Cc: Liming Gao <liming.gao@intel.com> > Cc: Maciej Rabeda <maciej.rabeda@intel.com> > Cc: Matthew Carlson <macarl@microsoft.com> > Cc: Michael D Kinney <michael.d.kinney@intel.com> > Cc: Ray Ni <ray.ni@intel.com> > Cc: Sean Brogan <sean.brogan@microsoft.com> > Cc: Siyuan Fu <siyuan.fu@intel.com> > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> > > Jian J Wang (11): > NetworkPkg/NetworkPkg.dsc: specify RngLib instance > for build > SignedCapsulePkg/SignedCapsulePkg.dsc: specify RngLib > instances > FmpDevicePkg/FmpDevicePkg.dsc: specify RngLib > instances in dsc files > MdePkg/BaseLib: add interface to wrap rdseed IA > instruction > SecurityPkg/RngLibRdSeed: add an instance of RngLib > to make use rdseed > SecurityPkg/DxeRngLibRngProtocol: add RNG protocol > version of RngLib > SecurityPkg/SecurityPkg.dsc: add new RngLib instances > for build > OvmfPkg: specify RngLib instances in dsc files > ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances > in dsc files > CryptoPkg/OpensslLib: use RngLib to get high quality > random entropy > FmpDevicePkg/FmpDevicePkg.dsc: remove TimerLib > instance > > ArmVirtPkg/ArmVirt.dsc.inc | 2 + > CryptoPkg/CryptoPkg.dsc | 1 + > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > .../Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > CryptoPkg/Library/OpensslLib/rand_pool.c | 253 > ++---------------- > .../Library/OpensslLib/rand_pool_noise.c | 29 -- > .../Library/OpensslLib/rand_pool_noise.h | 29 -- > .../Library/OpensslLib/rand_pool_noise_tsc.c | 43 -- > - > FmpDevicePkg/FmpDevicePkg.dsc | 2 +- > MdePkg/Include/Library/BaseLib.h | 51 > ++++ > MdePkg/Library/BaseLib/BaseLib.inf | 4 + > MdePkg/Library/BaseLib/BaseLibInternals.h | 46 > ++++ > MdePkg/Library/BaseLib/Ia32/RdSeed.nasm | 87 > ++++++ > MdePkg/Library/BaseLib/X64/RdSeed.nasm | 80 > ++++++ > MdePkg/Library/BaseLib/X86RdSeed.c | 73 > +++++ > NetworkPkg/NetworkPkg.dsc | 1 + > OvmfPkg/OvmfPkgIa32.dsc | 5 + > OvmfPkg/OvmfPkgIa32X64.dsc | 5 + > OvmfPkg/OvmfPkgX64.dsc | 5 + > OvmfPkg/OvmfXen.dsc | 5 + > .../DxeRngLibRngProtocol.c | 200 > ++++++++++++++ > .../DxeRngLibRngProtocol.inf | 42 > +++ > .../DxeRngLibRngProtocol.uni | 14 + > .../RngLibRdSeed/RngLibRdSeed.inf | 37 > +++ > .../RngLibRdSeed/RngLibRdSeed.uni | 18 ++ > .../RngLibRdSeed/RngRdSeed.c | 189 > +++++++++++++ > SecurityPkg/SecurityPkg.dsc | 6 + > SignedCapsulePkg/SignedCapsulePkg.dsc | 6 + > 28 files changed, 909 insertions(+), 354 deletions(-) > delete mode 100644 > CryptoPkg/Library/OpensslLib/rand_pool_noise.c > delete mode 100644 > CryptoPkg/Library/OpensslLib/rand_pool_noise.h > delete mode 100644 > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > create mode 100644 > MdePkg/Library/BaseLib/Ia32/RdSeed.nasm > create mode 100644 > MdePkg/Library/BaseLib/X64/RdSeed.nasm > create mode 100644 MdePkg/Library/BaseLib/X86RdSeed.c > create mode 100644 > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/ > DxeRngLibRngProtocol.c > create mode 100644 > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/ > DxeRngLibRngProtocol.inf > create mode 100644 > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/ > DxeRngLibRngProtocol.uni > create mode 100644 > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd > Seed.inf > create mode 100644 > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd > Seed.uni > create mode 100644 > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdSee > d.c > > -- > 2.17.1.windows.2 > > > ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [edk2-devel] [PATCH 00/11] Use proper entropy sources 2019-11-14 4:21 ` [edk2-devel] " Michael D Kinney @ 2019-11-14 5:15 ` Wang, Jian J 0 siblings, 0 replies; 3+ messages in thread From: Wang, Jian J @ 2019-11-14 5:15 UTC (permalink / raw) To: Kinney, Michael D, devel@edk2.groups.io Cc: Ard Biesheuvel, Bret Barkelew, Zhang, Chao B, Wu, Jiaxin, Yao, Jiewen, Justen, Jordan L, Laszlo Ersek, Leif Lindholm, Gao, Liming, Rabeda, Maciej, Matthew Carlson, Ni, Ray, Sean Brogan, Fu, Siyuan, Lu, XiaoyuX Hi Mike, Here're some suggestions: - If OpensslLib library is used, RngLib instance must be specified along with it. - For package dsc, BaseLibRngNull can be used because their main purpose is just for build. - For platforms which don't need random number at all, BaseLibRngNull is recommended. - If drivers HddPasswordDxe/TlsDxe (TlsLib) and/or crypto algorithm like AES/RSA-OAEP/RSA-PK1 are used in a platform, BaseLibRngNull must *not* be used. This rule might change due to the future code base change. - For IA32/X64 platforms, BaseLibRng is recommended as the default library instance to avoid unknown uses of RNG. But the users can choose - RngLibRdSeed, if rdseed is supported for sure and high quality of entropy source is needed; or - DxeRngLibRngProtocol, if EFI_RNG_PROTOCOL is implemented in the platform and only DXE drivers or applications use RNG, or arch independent is more important. - For OVMF, there's already a driver implemented EFI_RNG_PROTOCOL. DxeRngLibRngProtocol is always recommended. - For other ARCH platforms, I don't see implementation of RngLib nor EFI_RNG_PROTOCOL. They have to use BaseRngLibNull or implement their own version of RngLib. There's an ARCH independent solution called CPU Jitter RNG, which has been adopted by Linux. But there's concern that it won't work well in BIOS environment. (see https://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html) - If BaseLibRngNull ASSERTs at boot time, there must be some use cases missed. Use a full implementation of RngLib instead. Regards, Jian > -----Original Message----- > From: Kinney, Michael D <michael.d.kinney@intel.com> > Sent: Thursday, November 14, 2019 12:21 PM > To: devel@edk2.groups.io; Wang, Jian J <jian.j.wang@intel.com>; Kinney, > Michael D <michael.d.kinney@intel.com> > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Bret Barkelew > <bret.barkelew@microsoft.com>; Zhang, Chao B <chao.b.zhang@intel.com>; > Wu, Jiaxin <jiaxin.wu@intel.com>; Yao, Jiewen <jiewen.yao@intel.com>; Justen, > Jordan L <jordan.l.justen@intel.com>; Laszlo Ersek <lersek@redhat.com>; Leif > Lindholm <leif.lindholm@linaro.org>; Gao, Liming <liming.gao@intel.com>; > Rabeda, Maciej <maciej.rabeda@intel.com>; Matthew Carlson > <macarl@microsoft.com>; Ni, Ray <ray.ni@intel.com>; Sean Brogan > <sean.brogan@microsoft.com>; Fu, Siyuan <siyuan.fu@intel.com>; Lu, XiaoyuX > <xiaoyux.lu@intel.com> > Subject: RE: [edk2-devel] [PATCH 00/11] Use proper entropy sources > > Jian, > > In this patch series I see mixed use of different RngLib instances. > > How does a platform developer working on their DSC file know if the > BaseCryptLib services they are using require a Null or a complete > implementation of the RngLib? How does a platform developer know > if they made the wrong choice. > > Thanks, > > Mike > > > -----Original Message----- > > From: devel@edk2.groups.io <devel@edk2.groups.io> On > > Behalf Of Wang, Jian J > > Sent: Wednesday, November 13, 2019 6:18 PM > > To: devel@edk2.groups.io > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>; Bret > > Barkelew <bret.barkelew@microsoft.com>; Zhang, Chao B > > <chao.b.zhang@intel.com>; Wu, Jiaxin > > <jiaxin.wu@intel.com>; Yao, Jiewen > > <jiewen.yao@intel.com>; Justen, Jordan L > > <jordan.l.justen@intel.com>; Laszlo Ersek > > <lersek@redhat.com>; Leif Lindholm > > <leif.lindholm@linaro.org>; Gao, Liming > > <liming.gao@intel.com>; Rabeda, Maciej > > <maciej.rabeda@intel.com>; Matthew Carlson > > <macarl@microsoft.com>; Kinney, Michael D > > <michael.d.kinney@intel.com>; Ni, Ray > > <ray.ni@intel.com>; Sean Brogan > > <sean.brogan@microsoft.com>; Fu, Siyuan > > <siyuan.fu@intel.com>; Lu, XiaoyuX > > <xiaoyux.lu@intel.com> > > Subject: [edk2-devel] [PATCH 00/11] Use proper entropy > > sources > > > > REF: > > https://bugzilla.tianocore.org/show_bug.cgi?id=1871 > > > > Patch series summary: > > - Add BaseRngLibNull to package dsc > > - Add DxeRngLibRngProtocol to make use > > EFI_RNG_PROTOCOL > > - Add RdSeed interface and RngLibRdSeed for IA32/X64 > > arch > > - Remove following files > > rand_pool_noise.h > > rand_pool_noise_tsc.c > > rand_pool_noise.c > > - Update rand_pool.c to use RngLib interface directly > > and the drop the TimerLib depenency from OpensslLib > > - Update OVMF platform dsc to use DxeRngLibRngProtocol > > when necessary > > > > Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org> > > Cc: Bret Barkelew <bret.barkelew@microsoft.com> > > Cc: Chao Zhang <chao.b.zhang@intel.com> > > Cc: Jiaxin Wu <jiaxin.wu@intel.com> > > Cc: Jiewen Yao <jiewen.yao@intel.com> > > Cc: Jordan Justen <jordan.l.justen@intel.com> > > Cc: Laszlo Ersek <lersek@redhat.com> > > Cc: Leif Lindholm <leif.lindholm@linaro.org> > > Cc: Liming Gao <liming.gao@intel.com> > > Cc: Maciej Rabeda <maciej.rabeda@intel.com> > > Cc: Matthew Carlson <macarl@microsoft.com> > > Cc: Michael D Kinney <michael.d.kinney@intel.com> > > Cc: Ray Ni <ray.ni@intel.com> > > Cc: Sean Brogan <sean.brogan@microsoft.com> > > Cc: Siyuan Fu <siyuan.fu@intel.com> > > Cc: Xiaoyu Lu <xiaoyux.lu@intel.com> > > > > Jian J Wang (11): > > NetworkPkg/NetworkPkg.dsc: specify RngLib instance > > for build > > SignedCapsulePkg/SignedCapsulePkg.dsc: specify RngLib > > instances > > FmpDevicePkg/FmpDevicePkg.dsc: specify RngLib > > instances in dsc files > > MdePkg/BaseLib: add interface to wrap rdseed IA > > instruction > > SecurityPkg/RngLibRdSeed: add an instance of RngLib > > to make use rdseed > > SecurityPkg/DxeRngLibRngProtocol: add RNG protocol > > version of RngLib > > SecurityPkg/SecurityPkg.dsc: add new RngLib instances > > for build > > OvmfPkg: specify RngLib instances in dsc files > > ArmVirtPkg/ArmVirt.dsc.inc: specify RngLib instances > > in dsc files > > CryptoPkg/OpensslLib: use RngLib to get high quality > > random entropy > > FmpDevicePkg/FmpDevicePkg.dsc: remove TimerLib > > instance > > > > ArmVirtPkg/ArmVirt.dsc.inc | 2 + > > CryptoPkg/CryptoPkg.dsc | 1 + > > CryptoPkg/Library/OpensslLib/OpensslLib.inf | 15 +- > > .../Library/OpensslLib/OpensslLibCrypto.inf | 15 +- > > CryptoPkg/Library/OpensslLib/rand_pool.c | 253 > > ++---------------- > > .../Library/OpensslLib/rand_pool_noise.c | 29 -- > > .../Library/OpensslLib/rand_pool_noise.h | 29 -- > > .../Library/OpensslLib/rand_pool_noise_tsc.c | 43 -- > > - > > FmpDevicePkg/FmpDevicePkg.dsc | 2 +- > > MdePkg/Include/Library/BaseLib.h | 51 > > ++++ > > MdePkg/Library/BaseLib/BaseLib.inf | 4 + > > MdePkg/Library/BaseLib/BaseLibInternals.h | 46 > > ++++ > > MdePkg/Library/BaseLib/Ia32/RdSeed.nasm | 87 > > ++++++ > > MdePkg/Library/BaseLib/X64/RdSeed.nasm | 80 > > ++++++ > > MdePkg/Library/BaseLib/X86RdSeed.c | 73 > > +++++ > > NetworkPkg/NetworkPkg.dsc | 1 + > > OvmfPkg/OvmfPkgIa32.dsc | 5 + > > OvmfPkg/OvmfPkgIa32X64.dsc | 5 + > > OvmfPkg/OvmfPkgX64.dsc | 5 + > > OvmfPkg/OvmfXen.dsc | 5 + > > .../DxeRngLibRngProtocol.c | 200 > > ++++++++++++++ > > .../DxeRngLibRngProtocol.inf | 42 > > +++ > > .../DxeRngLibRngProtocol.uni | 14 + > > .../RngLibRdSeed/RngLibRdSeed.inf | 37 > > +++ > > .../RngLibRdSeed/RngLibRdSeed.uni | 18 ++ > > .../RngLibRdSeed/RngRdSeed.c | 189 > > +++++++++++++ > > SecurityPkg/SecurityPkg.dsc | 6 + > > SignedCapsulePkg/SignedCapsulePkg.dsc | 6 + > > 28 files changed, 909 insertions(+), 354 deletions(-) > > delete mode 100644 > > CryptoPkg/Library/OpensslLib/rand_pool_noise.c > > delete mode 100644 > > CryptoPkg/Library/OpensslLib/rand_pool_noise.h > > delete mode 100644 > > CryptoPkg/Library/OpensslLib/rand_pool_noise_tsc.c > > create mode 100644 > > MdePkg/Library/BaseLib/Ia32/RdSeed.nasm > > create mode 100644 > > MdePkg/Library/BaseLib/X64/RdSeed.nasm > > create mode 100644 MdePkg/Library/BaseLib/X86RdSeed.c > > create mode 100644 > > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/ > > DxeRngLibRngProtocol.c > > create mode 100644 > > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/ > > DxeRngLibRngProtocol.inf > > create mode 100644 > > SecurityPkg/RandomNumberGenerator/DxeRngLibRngProtocol/ > > DxeRngLibRngProtocol.uni > > create mode 100644 > > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd > > Seed.inf > > create mode 100644 > > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngLibRd > > Seed.uni > > create mode 100644 > > SecurityPkg/RandomNumberGenerator/RngLibRdSeed/RngRdSee > > d.c > > > > -- > > 2.17.1.windows.2 > > > > > > ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-14 5:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <15D6E5DF9619E96C.9269@groups.io>
2019-11-14 2:19 ` [edk2-devel] [PATCH 00/11] Use proper entropy sources Wang, Jian J
2019-11-14 2:17 Wang, Jian J
2019-11-14 4:21 ` [edk2-devel] " Michael D Kinney
2019-11-14 5:15 ` Wang, Jian J
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox