From: "Sami Mujawar" <sami.mujawar@arm.com>
To: Pierre Gondois <Pierre.Gondois@arm.com>,
"devel@edk2.groups.io" <devel@edk2.groups.io>
Cc: "ardb+tianocore@kernel.org" <ardb+tianocore@kernel.org>,
Thomas Abraham <thomas.abraham@arm.com>
Subject: Re: [edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib
Date: Wed, 4 Sep 2024 12:31:09 +0000 [thread overview]
Message-ID: <E533EA9B-C7DE-4D62-8B49-9D0EACCD752E@arm.com> (raw)
In-Reply-To: <20240904113905.1736428-1-Pierre.Gondois@arm.com>
Hi Pierre,
Thank you for these changes.
For this series.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>
Regards,
Sami Mujawar
On 04/09/2024, 12:39, "Pierre.Gondois@arm.com <mailto:Pierre.Gondois@arm.com>" <Pierre.Gondois@arm.com <mailto:Pierre.Gondois@arm.com>> wrote:
From: Pierre Gondois <pierre.gondois@arm.com <mailto:pierre.gondois@arm.com>>
Juno's RngLib implementation is:
- BaseRngLib.inf if a secure RngLib is enforced
- BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated
BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
returns a DRBG-generated random number. The DRBG used is considered
as secure.
The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
support it.
When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
the Juno cannot generate secure random numbers through the RngLib.
Secure random numbers could be generated by using the Juno's TRNG.
This can be done by:
- using the RngDxeLib implementation of the RngLib
- RngDxeLib relies on the RngDxe
- the RngDxe has access to the TRNG
Pierre Gondois (3):
Platform/ARM: Place MdeLibs.dsc.inc as the first include
Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg
Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation
Platform/ARM/JunoPkg/ArmJuno.dsc | 19 +++++++++++++++++--
Platform/ARM/Morello/MorelloPlatformFvp.dsc | 6 +++---
Platform/ARM/N1Sdp/N1SdpPlatform.dsc | 2 +-
Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2/RdN2.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc | 6 +++---
Platform/ARM/SgiPkg/RdV1/RdV1.dsc | 6 +++---
Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc | 6 +++---
Platform/ARM/SgiPkg/RdV3/RdV3.dsc | 6 +++---
Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc | 6 +++---
.../VExpressPkg/ArmVExpress-FVP-AArch64.dsc | 2 +-
Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 2 +-
16 files changed, 56 insertions(+), 41 deletions(-)
--
2.25.1
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120495): https://edk2.groups.io/g/devel/message/120495
Mute This Topic: https://groups.io/mt/108262991/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-
prev parent reply other threads:[~2024-09-04 12:31 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-04 11:39 [edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib PierreGondois
2024-09-04 11:39 ` [edk2-devel] [PATCH 1/3] Platform/ARM: Place MdeLibs.dsc.inc as the first include PierreGondois
2024-09-04 11:39 ` [edk2-devel] [PATCH 2/3] Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg PierreGondois
2024-09-04 11:39 ` [edk2-devel] [PATCH 3/3] Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation PierreGondois
2024-09-04 12:05 ` [edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib Ard Biesheuvel via groups.io
2024-09-04 12:31 ` Sami Mujawar [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E533EA9B-C7DE-4D62-8B49-9D0EACCD752E@arm.com \
--to=devel@edk2.groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox