[edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib

[edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib

[PierreGondois]

From: Pierre Gondois <pierre.gondois@arm.com>

Juno's RngLib implementation is:

- BaseRngLib.inf if a secure RngLib is enforced
- BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated

BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
returns a DRBG-generated random number. The DRBG used is considered
as secure.
The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
support it.

When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
the Juno cannot generate secure random numbers through the RngLib.
Secure random numbers could be generated by using the Juno's TRNG.
This can be done by:

- using the RngDxeLib implementation of the RngLib
- RngDxeLib relies on the RngDxe
- the RngDxe has access to the TRNG

Pierre Gondois (3):
  Platform/ARM: Place MdeLibs.dsc.inc as the first include
  Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg
  Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation

 Platform/ARM/JunoPkg/ArmJuno.dsc              | 19 +++++++++++++++++--
 Platform/ARM/Morello/MorelloPlatformFvp.dsc   |  6 +++---
 Platform/ARM/N1Sdp/N1SdpPlatform.dsc          |  2 +-
 Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc     |  6 +++---
 Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc     |  6 +++---
 Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc |  6 +++---
 Platform/ARM/SgiPkg/RdN2/RdN2.dsc             |  6 +++---
 Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc     |  6 +++---
 Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc     |  6 +++---
 Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc     |  6 +++---
 Platform/ARM/SgiPkg/RdV1/RdV1.dsc             |  6 +++---
 Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc         |  6 +++---
 Platform/ARM/SgiPkg/RdV3/RdV3.dsc             |  6 +++---
 Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc         |  6 +++---
 .../VExpressPkg/ArmVExpress-FVP-AArch64.dsc   |  2 +-
 Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc  |  2 +-
 16 files changed, 56 insertions(+), 41 deletions(-)

-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120490): https://edk2.groups.io/g/devel/message/120490
Mute This Topic: https://groups.io/mt/108262991/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 1/3] Platform/ARM: Place MdeLibs.dsc.inc as the first include

[PierreGondois]

From: Pierre Gondois <pierre.gondois@arm.com>

For a same MODELE_TYPE/ARCH LibraryClasses section, multiple
libraries can be defined. E.g.:
[LibraryClasses.AARCH64.DXE_DRIVER]
  ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
  ArmTrngLib|MdePkg/Library/BaseArmTrngLibNull/BaseArmTrngLibNull.inf

In such case, the latest defined library is used. DSC files can
include other files. MdeLibs.dsc.inc is included after other
.dsc.inc files in some ARM platforms, even though it provides
NULL libraries and only aims to satisfy dependencies.

For the Juno, not having MdeLibs.dsc.inc as the fist included file
leads to overriding the ArmTrngLib with its NULL instance.

Place MdeLibs.dsc.inc as the first file included for all ARM
platforms.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 Platform/ARM/JunoPkg/ArmJuno.dsc                     | 3 ++-
 Platform/ARM/Morello/MorelloPlatformFvp.dsc          | 6 +++---
 Platform/ARM/N1Sdp/N1SdpPlatform.dsc                 | 2 +-
 Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc            | 6 +++---
 Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc            | 6 +++---
 Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc        | 6 +++---
 Platform/ARM/SgiPkg/RdN2/RdN2.dsc                    | 6 +++---
 Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc            | 6 +++---
 Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc            | 6 +++---
 Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc            | 6 +++---
 Platform/ARM/SgiPkg/RdV1/RdV1.dsc                    | 6 +++---
 Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc                | 6 +++---
 Platform/ARM/SgiPkg/RdV3/RdV3.dsc                    | 6 +++---
 Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc                | 6 +++---
 Platform/ARM/VExpressPkg/ArmVExpress-FVP-AArch64.dsc | 2 +-
 15 files changed, 40 insertions(+), 39 deletions(-)

diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJuno.dsc
index cf8de7e0a75f..89ce9abb240b 100644
--- a/Platform/ARM/JunoPkg/ArmJuno.dsc
+++ b/Platform/ARM/JunoPkg/ArmJuno.dsc
@@ -25,9 +25,10 @@ [Defines]
   SKUID_IDENTIFIER               = DEFAULT
   FLASH_DEFINITION               = Platform/ARM/JunoPkg/ArmJuno.fdf
 
+!include MdePkg/MdeLibs.dsc.inc
+
 # On RTSM, most peripherals are VExpress Motherboard peripherals
 !include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
-!include MdePkg/MdeLibs.dsc.inc
 
 !ifdef DYNAMIC_TABLES_FRAMEWORK
 !include DynamicTablesPkg/DynamicTables.dsc.inc
diff --git a/Platform/ARM/Morello/MorelloPlatformFvp.dsc b/Platform/ARM/Morello/MorelloPlatformFvp.dsc
index ee612296a80e..9421755d1e36 100644
--- a/Platform/ARM/Morello/MorelloPlatformFvp.dsc
+++ b/Platform/ARM/Morello/MorelloPlatformFvp.dsc
@@ -30,14 +30,14 @@ [Defines]
   # Network definition
   DEFINE NETWORK_ISCSI_ENABLE    = FALSE
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 !include Platform/ARM/Morello/MorelloPlatform.dsc.inc
 !include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
 !include DynamicTablesPkg/DynamicTables.dsc.inc
 !include Platform/ARM/Morello/ConfigurationManager/ConfigurationManagerFvp.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 [LibraryClasses.common]
   # Virtio Support
   VirtioLib|OvmfPkg/Library/VirtioLib/VirtioLib.inf
diff --git a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
index ba8b624fde38..f44dae4afdd6 100644
--- a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
+++ b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
@@ -27,8 +27,8 @@ [Defines]
   FLASH_DEFINITION               = Platform/ARM/N1Sdp/N1SdpPlatform.fdf
   BUILD_NUMBER                   = 1
 
-!include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
 !include MdePkg/MdeLibs.dsc.inc
+!include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
 
 !include DynamicTablesPkg/DynamicTables.dsc.inc
 
diff --git a/Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc b/Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc
index c7463da5203e..80432ac3ebae 100644
--- a/Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc
+++ b/Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc
@@ -24,13 +24,13 @@ [Defines]
 
   DEFINE PCIE_ENABLE             = TRUE
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc b/Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc
index 77efec9d9533..a11e74cfb5d3 100644
--- a/Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc
+++ b/Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc
@@ -24,13 +24,13 @@ [Defines]
 
   DEFINE PCIE_ENABLE             = TRUE
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc b/Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc
index 521d88925059..705dedccbc46 100644
--- a/Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc
+++ b/Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc
@@ -24,13 +24,13 @@ [Defines]
 
   DEFINE PCIE_ENABLE             = TRUE
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdN2/RdN2.dsc b/Platform/ARM/SgiPkg/RdN2/RdN2.dsc
index 49a317a930e0..7bc9a8186b8d 100644
--- a/Platform/ARM/SgiPkg/RdN2/RdN2.dsc
+++ b/Platform/ARM/SgiPkg/RdN2/RdN2.dsc
@@ -22,13 +22,13 @@ [Defines]
   BOARD_DXE_FV_COMPONENTS        = Platform/ARM/SgiPkg/RdN2/RdN2.fdf.inc
   BUILD_NUMBER                   = 1
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap2.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc b/Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc
index c26f652cb9e9..5e5a776606c3 100644
--- a/Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc
+++ b/Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc
@@ -24,13 +24,13 @@ [Defines]
   BOARD_DXE_FV_COMPONENTS        = Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.fdf.inc
   BUILD_NUMBER                   = 1
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap2.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc b/Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc
index 0a7991e77b78..a52966b30cca 100644
--- a/Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc
+++ b/Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc
@@ -22,13 +22,13 @@ [Defines]
   BOARD_DXE_FV_COMPONENTS        = Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.fdf.inc
   BUILD_NUMBER                   = 1
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap2.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc b/Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc
index 88293b236a32..94fe46b8d477 100644
--- a/Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc
+++ b/Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc
@@ -22,13 +22,13 @@ [Defines]
   BOARD_DXE_FV_COMPONENTS        = Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.fdf.inc
   BUILD_NUMBER                   = 1
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap2.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdV1/RdV1.dsc b/Platform/ARM/SgiPkg/RdV1/RdV1.dsc
index 2a4bb019fe7a..50726cb0cee2 100644
--- a/Platform/ARM/SgiPkg/RdV1/RdV1.dsc
+++ b/Platform/ARM/SgiPkg/RdV1/RdV1.dsc
@@ -24,13 +24,13 @@ [Defines]
 
   DEFINE PCIE_ENABLE             = TRUE
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc b/Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc
index 971e2ccca367..6ed99cf080b9 100644
--- a/Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc
+++ b/Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc
@@ -24,13 +24,13 @@ [Defines]
 
   DEFINE PCIE_ENABLE             = TRUE
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/RdV3/RdV3.dsc b/Platform/ARM/SgiPkg/RdV3/RdV3.dsc
index cf7606a5d147..3b62edb13f2f 100644
--- a/Platform/ARM/SgiPkg/RdV3/RdV3.dsc
+++ b/Platform/ARM/SgiPkg/RdV3/RdV3.dsc
@@ -22,13 +22,13 @@ [Defines]
   BOARD_DXE_FV_COMPONENTS        = Platform/ARM/SgiPkg/RdV3/RdV3.fdf.inc
   BUILD_NUMBER                   = 1
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap3.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc b/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
index 4ed64abecd31..f29272778d73 100644
--- a/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
+++ b/Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc
@@ -24,13 +24,13 @@ [Defines]
 
   DEFINE PCIE_ENABLE             = TRUE
 
+# include common/basic libraries from MdePkg.
+!include MdePkg/MdeLibs.dsc.inc
+
 # include common definitions from SgiPlatform.dsc
 !include Platform/ARM/SgiPkg/SgiPlatform.dsc.inc
 !include Platform/ARM/SgiPkg/SgiMemoryMap.dsc.inc
 
-# include common/basic libraries from MdePkg.
-!include MdePkg/MdeLibs.dsc.inc
-
 ################################################################################
 #
 # Pcd Section - list of all EDK II PCD Entries defined by this Platform
diff --git a/Platform/ARM/VExpressPkg/ArmVExpress-FVP-AArch64.dsc b/Platform/ARM/VExpressPkg/ArmVExpress-FVP-AArch64.dsc
index 3db99e3ba501..58d1530d84c7 100644
--- a/Platform/ARM/VExpressPkg/ArmVExpress-FVP-AArch64.dsc
+++ b/Platform/ARM/VExpressPkg/ArmVExpress-FVP-AArch64.dsc
@@ -40,8 +40,8 @@ [Defines]
 
   DT_SUPPORT                     = FALSE
 
-!include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
 !include MdePkg/MdeLibs.dsc.inc
+!include Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
 !include DynamicTablesPkg/DynamicTables.dsc.inc
 
 [LibraryClasses.common]
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120491): https://edk2.groups.io/g/devel/message/120491
Mute This Topic: https://groups.io/mt/108262992/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 2/3] Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg

[PierreGondois]

From: Pierre Gondois <pierre.gondois@arm.com>

Reflect the deplacement of PcdEnforceSecureRngAlgorithms from the
NetworkPkg to the MdePkg.

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 Platform/ARM/JunoPkg/ArmJuno.dsc             | 2 +-
 Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJuno.dsc
index 89ce9abb240b..b0edecdc399c 100644
--- a/Platform/ARM/JunoPkg/ArmJuno.dsc
+++ b/Platform/ARM/JunoPkg/ArmJuno.dsc
@@ -219,7 +219,7 @@ [PcdsFixedAtBuild.common]
   #
   # Juno Support Trng. Override PcdEnforceSecureRngAlgorithms.
   #
-  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE
+  gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|TRUE
 
 [PcdsPatchableInModule]
   # Console Resolution (Full HD)
diff --git a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
index 931eff2355d4..6d7d955b9b8f 100644
--- a/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
+++ b/Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc
@@ -452,7 +452,7 @@ [PcdsFixedAtBuild.common]
   #
 
 !if $(ENABLE_UNSAFE_RNGLIB) == TRUE
-  gEfiNetworkPkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
+  gEfiMdePkgTokenSpaceGuid.PcdEnforceSecureRngAlgorithms|FALSE
 !endif
 
 [PcdsDynamicHii.common.DEFAULT]
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120492): https://edk2.groups.io/g/devel/message/120492
Mute This Topic: https://groups.io/mt/108262993/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

[edk2-devel] [PATCH 3/3] Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation

[PierreGondois]

From: Pierre Gondois <pierre.gondois@arm.com>

Juno's RngLib implementation is:
- BaseRngLib.inf if a secure RngLib is enforced
- BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated

BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
returns a DRBG-generated random number. The DRBG used is considered
as secure.
The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
support it.

When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
the Juno cannot generate secure random numbers through the RngLib.
Secure random numbers could be generated by using the Juno's TRNG.
This can be done by:
- using the RngDxeLib implementation of the RngLib
- RngDxeLib relies on the RngDxe
- the RngDxe has access to the TRNG

Signed-off-by: Pierre Gondois <pierre.gondois@arm.com>
---
 Platform/ARM/JunoPkg/ArmJuno.dsc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/Platform/ARM/JunoPkg/ArmJuno.dsc b/Platform/ARM/JunoPkg/ArmJuno.dsc
index b0edecdc399c..ea665fd2b481 100644
--- a/Platform/ARM/JunoPkg/ArmJuno.dsc
+++ b/Platform/ARM/JunoPkg/ArmJuno.dsc
@@ -45,6 +45,8 @@ [LibraryClasses.common]
   # Trng Supports.
   ArmMonitorLib|ArmPkg/Library/ArmMonitorLib/ArmMonitorLib.inf
   ArmTrngLib|ArmPkg/Library/ArmTrngLib/ArmTrngLib.inf
+  # Rng
+  RngLib|MdePkg/Library/DxeRngLib/DxeRngLib.inf
 
   NorFlashDeviceLib|Platform/ARM/Library/P30NorFlashDeviceLib/P30NorFlashDeviceLib.inf
   NorFlashPlatformLib|Platform/ARM/JunoPkg/Library/NorFlashJunoLib/NorFlashJunoLib.inf
@@ -407,6 +409,18 @@ [Components.common]
   # SCMI Driver
   ArmPkg/Drivers/ArmScmiDxe/ArmScmiDxe.inf
 
+  #
+  # Rng
+  #
+  SecurityPkg/RandomNumberGenerator/RngDxe/RngDxe.inf {
+    <LibraryClasses>
+    !if $(ENABLE_UNSAFE_RNGLIB) == TRUE
+      RngLib|MdeModulePkg/Library/BaseRngLibTimerLib/BaseRngLibTimerLib.inf
+    !else
+      RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf
+    !endif
+  }
+
 [Components.AARCH64]
   #
   # EBC
-- 
2.25.1



-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120493): https://edk2.groups.io/g/devel/message/120493
Mute This Topic: https://groups.io/mt/108262994/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib

[Ard Biesheuvel via groups.io]

On Wed, 4 Sept 2024 at 13:39, <Pierre.Gondois@arm.com> wrote:
>
> From: Pierre Gondois <pierre.gondois@arm.com>
>
> Juno's RngLib implementation is:
>
> - BaseRngLib.inf if a secure RngLib is enforced
> - BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated
>
> BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
> returns a DRBG-generated random number. The DRBG used is considered
> as secure.
> The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
> support it.
>
> When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
> the Juno cannot generate secure random numbers through the RngLib.
> Secure random numbers could be generated by using the Juno's TRNG.
> This can be done by:
>
> - using the RngDxeLib implementation of the RngLib
> - RngDxeLib relies on the RngDxe
> - the RngDxe has access to the TRNG
>
> Pierre Gondois (3):
>   Platform/ARM: Place MdeLibs.dsc.inc as the first include
>   Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg
>   Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation
>

Reviewed-by: Ard Biesheuvel <ardb@kernel.org>

Please ping me when this can be merged.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120494): https://edk2.groups.io/g/devel/message/120494
Mute This Topic: https://groups.io/mt/108262991/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-

Re: [edk2-devel] [PATCH 0/3] Platform/ARM/Juno: Use RngDxeLib

[Sami Mujawar]

Hi Pierre,

Thank you for these changes.

For this series.
Reviewed-by: Sami Mujawar <sami.mujawar@arm.com>

Regards,

Sami Mujawar

On 04/09/2024, 12:39, "Pierre.Gondois@arm.com <mailto:Pierre.Gondois@arm.com>" <Pierre.Gondois@arm.com <mailto:Pierre.Gondois@arm.com>> wrote:


From: Pierre Gondois <pierre.gondois@arm.com <mailto:pierre.gondois@arm.com>>


Juno's RngLib implementation is:


- BaseRngLib.inf if a secure RngLib is enforced
- BaseRngLibTimerLib.inf if a non-secure RngLib is tolerated


BaseRngLib.inf relies on the Arm's RNDR instruction. The instruction
returns a DRBG-generated random number. The DRBG used is considered
as secure.
The RNDR instruction is available if FEAT_RNG is set. The Juno doesn't
support it.


When security is enforced (i.e. ENABLE_UNSAFE_RNGLIB is not set),
the Juno cannot generate secure random numbers through the RngLib.
Secure random numbers could be generated by using the Juno's TRNG.
This can be done by:


- using the RngDxeLib implementation of the RngLib
- RngDxeLib relies on the RngDxe
- the RngDxe has access to the TRNG


Pierre Gondois (3):
Platform/ARM: Place MdeLibs.dsc.inc as the first include
Platform/ARM: Move PcdEnforceSecureRngAlgorithms to MdePkg
Platform/ARM/Juno: Use DxeRngLib.inf as default RngLib implementation


Platform/ARM/JunoPkg/ArmJuno.dsc | 19 +++++++++++++++++--
Platform/ARM/Morello/MorelloPlatformFvp.dsc | 6 +++---
Platform/ARM/N1Sdp/N1SdpPlatform.dsc | 2 +-
Platform/ARM/SgiPkg/RdE1Edge/RdE1Edge.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN1Edge/RdN1Edge.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN1EdgeX2/RdN1EdgeX2.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2/RdN2.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2Cfg1/RdN2Cfg1.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2Cfg2/RdN2Cfg2.dsc | 6 +++---
Platform/ARM/SgiPkg/RdN2Cfg3/RdN2Cfg3.dsc | 6 +++---
Platform/ARM/SgiPkg/RdV1/RdV1.dsc | 6 +++---
Platform/ARM/SgiPkg/RdV1Mc/RdV1Mc.dsc | 6 +++---
Platform/ARM/SgiPkg/RdV3/RdV3.dsc | 6 +++---
Platform/ARM/SgiPkg/Sgi575/Sgi575.dsc | 6 +++---
.../VExpressPkg/ArmVExpress-FVP-AArch64.dsc | 2 +-
Platform/ARM/VExpressPkg/ArmVExpress.dsc.inc | 2 +-
16 files changed, 56 insertions(+), 41 deletions(-)


--
2.25.1





IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.


-=-=-=-=-=-=-=-=-=-=-=-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#120495): https://edk2.groups.io/g/devel/message/120495
Mute This Topic: https://groups.io/mt/108262991/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=-=-=-=-=-=-=-=-=-=-=-